CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0703
https://notcve.org/view.php?id=CVE-2015-0703
21 Apr 2015 — Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. Vulnerabilidad de XSS en la interfaz web administrativa en Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, también conocido como Bug ID CSCus95857. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5494
https://notcve.org/view.php?id=CVE-2013-5494
16 Sep 2013 — Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674. Vulnerabilidad de CSRF en el framework web en Cisco Unified MeetingPlace Solution, tal como se usa en Unified MeetingPlace Web Conferencing y Unified MeetingPlace, permite a atacantes remotos secuestrar la autenticac... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5495
https://notcve.org/view.php?id=CVE-2013-5495
16 Sep 2013 — Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681. Vulnerabilidad Cross-site scripting (XSS) en el framework del servidor de aplicaciones de Cisco Unified MeetingPlace permite a atacantes remotos inyectar scripts web arbitrarios o código HTML a través de un un parámetro sin especificar , también conocido como Bug ID CSCui44681. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3438
https://notcve.org/view.php?id=CVE-2013-3438
24 Jul 2013 — The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. El famework web en el servidor en Cisco Unified MeetingPlace Web Conferencing, permite a atacantes remotos evitar las restricciones de acceso establecidas y leer páginas web no especificadas a través de parámetros manipulados. Aka Bug ID CSCuh86385. • http://osvdb.org/95583 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3419
https://notcve.org/view.php?id=CVE-2013-3419
11 Jul 2013 — Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Cisco Unified MeetingPlace Web Conferencing que permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de parámetro sin especificar, también conocido como Bug ID CSCuh74981. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 1%CPEs: 14EXPL: 0CVE-2013-1168
https://notcve.org/view.php?id=CVE-2013-1168
11 Apr 2013 — The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. El servidor web de Cisco Unified MeetingPlace Application Server v7.x antes de v7.1MR1 revisión 2, v8.0 antes de v8.0MR1 revisión 1, y v8.5 antes de v8.5MR3 revisión 1 no invalida un... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1169
https://notcve.org/view.php?id=CVE-2013-1169
11 Apr 2013 — Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846. Cisco Unified MeetingPlace Web Conferencing Server v7.x antes de v7.1MR1 revisión 2, v8.0 antes de v8.0MR1 revisión 2, y v8.5 antes de v8.5MR3 Patch 1, cuando la opción Remember Me se utiliza, no verifi... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1123
https://notcve.org/view.php?id=CVE-2013-1123
15 Feb 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor Cisco Unified MeetingPlace v7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados, también conocido como Bug IDs CSCuc65411 y CS... • http://osvdb.org/90075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1128
https://notcve.org/view.php?id=CVE-2013-1128
15 Feb 2013 — Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Cisco Unified MeetingPlace con software anterior a v7.1(2.2000) permite a atacantes remotos secuestrar la autentica... • http://secunia.com/advisories/52194 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2012-5416
https://notcve.org/view.php?id=CVE-2012-5416
02 Nov 2012 — Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341. Desbordamiento de búfer en Cisco Unified MeetingPlace Web Conferencing antes de v7.1MR1 Patch 1, v8.0 antes de v8.0MR1 Patch 1, y v8.5 antes de v8.5MR3, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a tr... • http://osvdb.org/86859 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •