Cisco Unified MeetingPlace Unspecified Cross-Site Scripting

by Carol~ Moderator - 2/11/13 2:57 PM

In Reply to: VULNERABILITIES / FIXES - February 11. 2013 by Carol~ Moderator

Cisco Unified MeetingPlace Unspecified Cross-Site Scripting Vulnerability

Release Date : 2013-02-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Cisco Unified MeetingPlace 7.x
Cisco Unified MeetingPlace 8.x

A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory: