ID

VAR-200902-0666


CVE

CVE-2009-0743


TITLE

Cross-site scripting vulnerability in the account change page of the Web Server in Cisco Unified MeetingPlace Web Conferencing

Trust: 0.8

sources: JVNDB: JVNDB-2009-001574

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.

Cisco Unified MeetingPlace Web Conferencing is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Cisco Unified MeetingPlace is Cisco's suite of multimedia conferencing solutions, providing a user environment that integrates voice, video and Web conferencing. Unified MeetingPlace allows users to modify their own account settings, such as name, telephone extension and e-mail address. If a user sets a specially crafted E-mail Address field on the configuration file page, the embedded malicious code is executed in the browser session of any other user who views that user's configuration file or the details of a meeting created by that user.

Trust: 1.98

sources: NVD: CVE-2009-0743 // JVNDB: JVNDB-2009-001574 // BID: 33915 // VULHUB: VHN-38189

AFFECTED PRODUCTS

vendor: cisco, model: unified meetingplace, scope: eq, version: 7.0

Trust: 1.6

vendor: cisco, model: unified meetingplace, scope: eq, version: 6.0

Trust: 1.6

vendor: cisco, model: unified meetingplace web conferencing, scope: lt, version: 6.0 - 6.0(517.0)

Trust: 0.8

vendor: cisco, model: unified meetingplace web conferencing, scope: lt, version: 7.0 - 7.0(2)

Trust: 0.8

vendor: cisco, model: unified meetingplace web conferencing, scope: eq, version: 7.0

Trust: 0.3

vendor: cisco, model: unified meetingplace web conferencing, scope: eq, version: 6.0

Trust: 0.3

vendor: cisco, model: unified meetingplace web conference .1a, scope: eq, version: 6.0.244

Trust: 0.3

vendor: cisco, model: unified meetingplace web conference, scope: eq, version: 6.0.170.0

Trust: 0.3

vendor: cisco, model: unified meetingplace web conferencing, scope: ne, version: 7.0.2

Trust: 0.3

vendor: cisco, model: unified meetingplace web conferencing, scope: ne, version: 6.0.517.0

Trust: 0.3

sources: BID: 33915 // JVNDB: JVNDB-2009-001574 // CNNVD: CNNVD-200902-664 // NVD: CVE-2009-0743

CVSS

SEVERITY

nvd@nist.gov: CVE-2009-0743
value: LOW

Trust: 1.0

NVD: CVE-2009-0743
value: LOW

Trust: 0.8

CNNVD: CNNVD-200902-664
value: LOW

Trust: 0.6

VULHUB: VHN-38189
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2009-0743
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-38189
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38189 // JVNDB: JVNDB-2009-001574 // CNNVD: CNNVD-200902-664 // NVD: CVE-2009-0743

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-38189 // JVNDB: JVNDB-2009-001574 // NVD: CVE-2009-0743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-664

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200902-664

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001574

PATCH

title: 109630, url: http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-001574

EXTERNAL IDS

db: NVD, id: CVE-2009-0743

Trust: 2.5

db: BID, id: 33915

Trust: 2.0

db: SECTRACK, id: 1021778

Trust: 1.7

db: JVNDB, id: JVNDB-2009-001574

Trust: 0.8

db: CNNVD, id: CNNVD-200902-664

Trust: 0.7

db: BUGTRAQ, id: 20090225 CISCO UNIFIED MEETINGPLACE WEB CONFERENCING STORED CROSS SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: CISCO, id: 20090226 CISCO UNIFIED MEETINGPLACE STORED CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: XF, id: 48965

Trust: 0.6

db: VULHUB, id: VHN-38189

Trust: 0.1

sources: VULHUB: VHN-38189 // BID: 33915 // JVNDB: JVNDB-2009-001574 // CNNVD: CNNVD-200902-664 // NVD: CVE-2009-0743

REFERENCES

url: http://www.securityfocus.com/bid/33915

Trust: 1.7

url: http://www.securityfocus.com/archive/1/501251/30/0/threaded

Trust: 1.7

url: http://www.cisco.com/en/us/products/products_security_response09186a0080a7bc61.html

Trust: 1.7

url: http://www.securitytracker.com/id?1021778

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/48965

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0743

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0743

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/48965

Trust: 0.6

url: http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html

Trust: 0.3

url: /archive/1/501251

Trust: 0.3

sources: VULHUB: VHN-38189 // BID: 33915 // JVNDB: JVNDB-2009-001574 // CNNVD: CNNVD-200902-664 // NVD: CVE-2009-0743

CREDITS

National Australia Bank

Trust: 0.6

sources: CNNVD: CNNVD-200902-664

SOURCES

db: VULHUB, id: VHN-38189
db: BID, id: 33915
db: JVNDB, id: JVNDB-2009-001574
db: CNNVD, id: CNNVD-200902-664
db: NVD, id: CVE-2009-0743

LAST UPDATE DATE

2024-11-23T23:03:11.243000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-38189, date: 2017-08-17T00:00:00
db: BID, id: 33915, date: 2009-02-26T17:47:00
db: JVNDB, id: JVNDB-2009-001574, date: 2009-07-08T00:00:00
db: CNNVD, id: CNNVD-200902-664, date: 2009-03-06T00:00:00
db: NVD, id: CVE-2009-0743, date: 2024-11-21T01:00:48.883

SOURCES RELEASE DATE

db: VULHUB, id: VHN-38189, date: 2009-02-27T00:00:00
db: BID, id: 33915, date: 2009-02-26T00:00:00
db: JVNDB, id: JVNDB-2009-001574, date: 2009-07-08T00:00:00
db: CNNVD, id: CNNVD-200902-664, date: 2009-02-27T00:00:00
db: NVD, id: CVE-2009-0743, date: 2009-02-27T17:30:09.877