Lucene search

PRIOn knowledge basePRION:CVE-2007-4284

HistoryAug 09, 2007 - 9:17 p.m.

Cross site scripting

2007-08-0921:17:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.

CPENameOperatorVersion
meetingplace_web_confrencingeq<= 5.3235

CPE	Name	Operator	Version
	meetingplace_web_confrencing	eq	<= 5.3235

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065134.html

secunia.com/advisories/26376

securityreason.com/securityalert/2990

www.cisco.com/en/US/products/products_security_response09186a008089969e.html

www.securityfocus.com/archive/1/475840/100/0/threaded

www.securityfocus.com/archive/1/475845/100/0/threaded

www.securityfocus.com/bid/25237

www.securitytracker.com/id?1018537

www.vupen.com/english/advisories/2007/2815

exchange.xforce.ibmcloud.com/vulnerabilities/35871