Cisco Unified MeetingPlace Unspecified Cross-Site Scripting

by Carol~ Moderator - 2/11/13 2:57 PM

In Reply to: VULNERABILITIES / FIXES - February 11. 2013 by Carol~ Moderator

Cisco Unified MeetingPlace Unspecified Cross-Site Scripting Vulnerability

Release Date : 2013-02-11

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software:
Cisco Unified MeetingPlace 7.x
Cisco Unified MeetingPlace 8.x

Description:
A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1123

http://secunia.com/advisories/52109/