CVE-2009-0743

Sažetak

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.

Reference

http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html
http://www.securityfocus.com/archive/1/501251/30/0/threaded
http://www.securityfocus.com/bid/33915
http://www.securitytracker.com/id?1021778
https://exchange.xforce.ibmcloud.com/vulnerabilities/48965

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:30

Objavljeno

27-02-2009 - 17:30