CVE-2009-0743

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/501251/30/0/threaded	Exploit
http://www.securityfocus.com/bid/33915
http://www.securitytracker.com/id?1021778
https://exchange.xforce.ibmcloud.com/vulnerabilities/48965

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_meetingplace:6.0:::::::*
	cpe:2.3:a:cisco:unified_meetingplace:7.0:::::::*

History

No history.

Information

Published : 2009-02-27 17:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-0743

Mitre link : CVE-2009-0743

CVE.ORG link : CVE-2009-0743

JSON object : View

Products Affected

cisco

unified_meetingplace

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2009-0743", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-02-27T17:30:09.877", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/501251/30/0/threaded", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33915", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021778", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48965", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field."}, {"lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS), en la p\u00e1gina de editar cuentas en el servidor Web de Cisco MeetingPlace Web Conferencing 6.0 anteriores a v6.0(517,0) (tambi\u00e9n conocido como v6.0 MR4) y v7.0 antes de v7.0(2) (tambi\u00e9n conocido como 7,0 MR1) permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo E-mail Address."}], "lastModified": "2017-08-17T01:30:00.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D721B4-C0B8-4B7C-8C18-6B6B699B48E0"}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1B3B645-4500-4B63-8D1A-1139537DA522"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}