5 matches found
CVE-2013-1107
The CVE-2013-1107 case concerns Cisco Webex Social (formerly Cisco Quad). The vulnerability is in the product’s search function, where remote authenticated users could read files via unspecified parameters (Bug ID CSCud40235). The entry has a CVSSv2 base score of 4.0 (Medium) with network attack ...
CVE-2013-1244
The CVE-2013-1244 entry describes an XSS vulnerability in the Cisco WebEx Social portal module. A remote, authenticated user can inject arbitrary web script or HTML via a javascript: URL entered in the link field of a post. The affected component is the portal module of Cisco WebEx Social; the im...
CVE-2013-3392
CVE-2013-3392 affects Cisco WebEx Social. The issue stems from insufficient CSRF protections on multiple WebEx Social web pages, enabling an unauthenticated, remote attacker to hijack a user’s session by inducing them to perform unwanted actions. Root cause: CSRF protection gaps that allow arbitr...
CVE-2013-1245
Cisco WebEx Social’s user-management page is vulnerable to a client-side validation bypass that, due to insufficient server-side validation, lets an authenticated remote attacker inject arbitrary values into Screen Name, Email Address, First/Middle/Last Name, and Job Title fields. Impact: bypass ...
CVE-2012-6397
Cisco WebEx Social (formerly Cisco Quad) is affected by CVE-2012-6397, a Cross-site Scripting (XSS) vulnerability exploitable via a crafted RSS service link (Bug ID CSCub61977). The vulnerability enables remote attackers to inject arbitrary web script or HTML. Core impact is partial integrity exp...