CVE-2007-1467

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/24499
http://securityreason.com/securityalert/2437
http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html	Vendor Advisory
http://www.securityfocus.com/archive/1/462932/100/0/threaded
http://www.securityfocus.com/archive/1/462944/100/0/threaded
http://www.securityfocus.com/bid/22982
http://www.securitytracker.com/id?1017778
http://www.vupen.com/english/advisories/2007/0973
https://exchange.xforce.ibmcloud.com/vulnerabilities/33024
http://secunia.com/advisories/24499
http://securityreason.com/securityalert/2437
http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html	Vendor Advisory
http://www.securityfocus.com/archive/1/462932/100/0/threaded
http://www.securityfocus.com/archive/1/462944/100/0/threaded
http://www.securityfocus.com/bid/22982
http://www.securitytracker.com/id?1017778
http://www.vupen.com/english/advisories/2007/0973
https://exchange.xforce.ibmcloud.com/vulnerabilities/33024

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:acs_solution_engine:4.1:::::::*
	cpe:2.3:a:cisco:acs_solution_engine:4.1::windows:::::
	cpe:2.3:a:cisco:ciscoworks::::::::
	cpe:2.3:a:cisco:ip_communicator::::::::
	cpe:2.3:a:cisco:meetingplace::::::::
	cpe:2.3:a:cisco:security_device_manager::::::::
	cpe:2.3:a:cisco:unified_meetingplace::::::::
	cpe:2.3:a:cisco:unified_meetingplace_express::::::::
	cpe:2.3:a:cisco:unified_personal_communicator::::::::
	cpe:2.3:a:cisco:unified_video_advantage::::::::
	cpe:2.3:a:cisco:unified_videoconferencing::::::::
	cpe:2.3:a:cisco:unified_videoconferencing_manager::::::::
	cpe:2.3:a:cisco:vpn_client:3.5.1::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.1::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2b::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2b::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2b::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.5.4::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.4::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.5.4::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.6::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.6::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.6::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.6.1::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.6.1::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.6.1::solaris:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2a::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2a::solaris:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2c::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2c::solaris:::::
	cpe:2.3:a:cisco:vpn_client:4.8.1::windows:::::
	cpe:2.3:a:cisco:wan_manager::::::::
	cpe:2.3:a:cisco:wireless_lan_controllers::::::::
	cpe:2.3:a:cisco:wireless_lan_solution_engine::::::::
	cpe:2.3:h:cisco:call_manager::::::::
	cpe:2.3:h:cisco:network_analysis_module::::::::
	cpe:2.3:h:cisco:wireless_control_system:4.0:::::::*

History

21 Nov 2024, 00:28

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/24499 -~~	() http://secunia.com/advisories/24499 -
References	~~() http://securityreason.com/securityalert/2437 -~~	() http://securityreason.com/securityalert/2437 -
References	~~() http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/462932/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/462932/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/462944/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/462944/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/22982 -~~	() http://www.securityfocus.com/bid/22982 -
References	~~() http://www.securitytracker.com/id?1017778 -~~	() http://www.securitytracker.com/id?1017778 -
References	~~() http://www.vupen.com/english/advisories/2007/0973 -~~	() http://www.vupen.com/english/advisories/2007/0973 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 -

Information

Published : 2007-03-16 21:19

Updated : 2024-11-21 00:28

NVD link : CVE-2007-1467

Mitre link : CVE-2007-1467

CVE.ORG link : CVE-2007-1467

JSON object : View

Products Affected

cisco

meetingplace
unified_personal_communicator
wireless_lan_controllers
call_manager
wan_manager
vpn_client
wireless_lan_solution_engine
wireless_control_system
ip_communicator
unified_videoconferencing_manager
unified_meetingplace_express
acs_solution_engine
unified_videoconferencing
security_device_manager
network_analysis_module
ciscoworks
unified_meetingplace
unified_video_advantage

CWE

NVD-CWE-Other

3.5 /10