CVE-2009-0743

Exploit

EPSS 0.23%
Veröffentlicht 27.02.2009 17:30:09
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Unified Meetingplace Version6.0

Cisco ≫ Unified Meetingplace Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.43

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/501251/30/0/threaded

Exploit

http://www.securityfocus.com/bid/33915

http://www.securitytracker.com/id?1021778

https://exchange.xforce.ibmcloud.com/vulnerabilities/48965

https://nvd.nist.gov/vuln/detail/CVE-2009-0743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0743

EUVD