CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 1CVE-2009-0743
https://notcve.org/view.php?id=CVE-2009-0743
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. Vulnerabilidad Cross-site scripting (XSS), en la página de editar cuentas en el servidor Web de Cisco MeetingPlace Web Conferencing 6.0 anteriores a v6.0(517,0) (también conocido como v6.0 MR4) y v7.0 antes de v7.0(2) (también conocido como 7,0 MR1) permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección a través del campo E-mail Address. • http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html http://www.securityfocus.com/archive/1/501251/30/0/threaded http://www.securityfocus.com/bid/33915 http://www.securitytracker.com/id?1021778 https://exchange.xforce.ibmcloud.com/vulnerabilities/48965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2007-5581
https://notcve.org/view.php?id=CVE-2007-5581
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en mpweb/scripts/mpx.dll de Cisco Unified MeetingPlace 5.4 y anteriores y 6.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) FirstName y (2) LastName. • http://secunia.com/advisories/26462 http://securitytracker.com/id?1018904 http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml http://www.securityfocus.com/bid/26364 http://www.vupen.com/english/advisories/2007/3772 https://exchange.xforce.ibmcloud.com/vulnerabilities/38298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •