Lucene search

[email protected]CVE-2007-1467

HistoryMar 16, 2007 - 9:19 p.m.

CVE-2007-1467

2007-03-1621:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1467

cross-site scripting

xss

cisco

acs

vpn client

meetingplace

callmanager

security

nam

ciscoworks

wireless lan solution engine

wlc

wcs

5.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

CPENameOperatorVersion
cisco:unified_video_advantagecisco unified video advantageeq*
cisco:unified_videoconferencing_managercisco unified videoconferencing managereq*
cisco:vpn_clientcisco vpn clienteq3.5.2
cisco:vpn_clientcisco vpn clienteq3.5.1
cisco:vpn_clientcisco vpn clienteq3.6.1
cisco:unified_personal_communicatorcisco unified personal communicatoreq*
cisco:wireless_lan_solution_enginecisco wireless lan solution engineeq*
cisco:ip_communicatorcisco ip communicatoreq*
cisco:vpn_clientcisco vpn clienteq3.6
cisco:unified_meetingplacecisco unified meetingplaceeq*

CPE	Name	Operator	Version
cisco:unified_video_advantage	cisco unified video advantage	eq	*
cisco:unified_videoconferencing_manager	cisco unified videoconferencing manager	eq	*
cisco:vpn_client	cisco vpn client	eq	3.5.2
cisco:vpn_client	cisco vpn client	eq	3.5.1
cisco:vpn_client	cisco vpn client	eq	3.6.1
cisco:unified_personal_communicator	cisco unified personal communicator	eq	*
cisco:wireless_lan_solution_engine	cisco wireless lan solution engine	eq	*
cisco:ip_communicator	cisco ip communicator	eq	*
cisco:vpn_client	cisco vpn client	eq	3.6
cisco:unified_meetingplace	cisco unified meetingplace	eq	*

Rows per page:

1-10 of 261

References

secunia.com/advisories/24499

securityreason.com/securityalert/2437

www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html

www.securityfocus.com/archive/1/462932/100/0/threaded

www.securityfocus.com/archive/1/462944/100/0/threaded

www.securityfocus.com/bid/22982

www.securitytracker.com/id?1017778

www.vupen.com/english/advisories/2007/0973

exchange.xforce.ibmcloud.com/vulnerabilities/33024

5.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2007-1467

cisco1 prion1 securityvulns1