Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified MeetingPlace Server Cross-Site Scripting Vulnerability

Cisco-SA-20130213-CVE-2013-1123 · Medium · Published · Updated

Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to follow a malicious link that is designed to submit malicious requests to the affected software. If successful, the attacker could execute arbitrary script or HTML code in the security context of the affected browser. Cisco has confirmed this vulnerability in a security notice and software updates are available. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Users should verify that unsolicited links are safe to follow.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1123
Cisco Bug IDsCSCuc65411, CSCue18706
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Unified MeetingPlace

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Unified MeetingPlace known_affected cisco_csaf CVE-2013-1123 1

Related Products

Product CVE Evidence
Cisco Unified MeetingPlace CVE-2013-1123 Cisco OpenVuln