CVE-2007-4284 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4284
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4284

Description: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35871 ST 1018537 SREASON http://securityreason.com/securityalert/2990 SAID Secunia Advisory: SA26376 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065134.html CISCO http://www.cisco.com/en/US/products/products_security_response09186a008089969e.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/475840/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/475845/100/0/threaded BID 25237

Return to the previous page.