var-200902-0666
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. Cisco Unified MeetingPlace Web Conferencing is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. Cisco Unified MeetingPlace is a suite of multimedia conferencing solutions from Cisco. It provides a user environment that integrates voice, video and Web conferencing. Unified MeetingPlace allows users to modify their own account settings, such as name, telephone extension and e-mail address. If a user stores a specially crafted value in the E-mail Address field on the profile page, the embedded malicious code executes in the browser session of any other user who views that user's profile or the details of a meeting created by that user. Because the injected value is stored and later served to other users, this is a stored (persistent) XSS; the affected release trains are fixed in 6.0(517.0) and 7.0(2).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200902-0666", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "unified meetingplace", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "unified meetingplace", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "6.0" }, { "model": "unified meetingplace web conferencing", "scope": 
"lt", "trust": 0.8, "vendor": "cisco", "version": "6.0 - 6.0(517.0)" }, { "model": "unified meetingplace web conferencing", "scope": "lt", "trust": 0.8, "vendor": "cisco", "version": "7.0 - 7.0(2)" }, { "model": "unified meetingplace web conferencing", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "unified meetingplace web conferencing", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0" }, { "model": "unified meetingplace web conference .1a", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0.244" }, { "model": "unified meetingplace web conference", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0.170.0" }, { "model": "unified meetingplace web conferencing", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0.2" }, { "model": "unified meetingplace web conferencing", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.517.0" } ], "sources": [ { "db": "BID", "id": "33915" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "CNNVD", "id": "CNNVD-200902-664" }, { "db": "NVD", "id": "CVE-2009-0743" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:cisco:unified_meetingplace_web_conferencing", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001574" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "National Australia Bank", "sources": [ { "db": "CNNVD", "id": "CNNVD-200902-664" } ], "trust": 0.6 }, "cve": "CVE-2009-0743", "cvss": { "@context": { "cvssV2": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2009-0743", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-38189", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-0743", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2009-0743", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-200902-664", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-38189", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38189" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "CNNVD", "id": "CNNVD-200902-664" }, { "db": "NVD", "id": "CVE-2009-0743" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. Cisco Unified MeetingPlace Web Conferencing is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. \nAttacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing. Unified MeetingPlace allows users to modify their own account settings, such as name, telephone extension, email address, etc. 
If the user sets a specially crafted E-mail Address field on the configuration file page, other users will cause cross-site scripting attacks when viewing the user\u0027s configuration file or the details of the meeting created by the user, in the browser session Execute the embedded malicious code", "sources": [ { "db": "NVD", "id": "CVE-2009-0743" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "BID", "id": "33915" }, { "db": "VULHUB", "id": "VHN-38189" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0743", "trust": 2.5 }, { "db": "BID", "id": "33915", "trust": 2.0 }, { "db": "SECTRACK", "id": "1021778", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-001574", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200902-664", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20090225 CISCO UNIFIED MEETINGPLACE WEB CONFERENCING STORED CROSS SITE SCRIPTING VULNERABILITY", "trust": 0.6 }, { "db": "CISCO", "id": "20090226 CISCO UNIFIED MEETINGPLACE STORED CROSS-SITE SCRIPTING VULNERABILITY", "trust": 0.6 }, { "db": "XF", "id": "48965", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-38189", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38189" }, { "db": "BID", "id": "33915" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "CNNVD", "id": "CNNVD-200902-664" }, { "db": "NVD", "id": "CVE-2009-0743" } ] }, "id": "VAR-200902-0666", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-38189" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:03:11.243000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "109630", "trust": 0.8, "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001574" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38189" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "NVD", "id": "CVE-2009-0743" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/33915" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/501251/30/0/threaded" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080a7bc61.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1021778" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48965" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0743" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0743" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/48965" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html" }, { "trust": 0.3, "url": "/archive/1/501251" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38189" }, { "db": "BID", "id": "33915" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "CNNVD", "id": "CNNVD-200902-664" }, { "db": "NVD", "id": 
"CVE-2009-0743" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38189" }, { "db": "BID", "id": "33915" }, { "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "db": "CNNVD", "id": "CNNVD-200902-664" }, { "db": "NVD", "id": "CVE-2009-0743" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-02-27T00:00:00", "db": "VULHUB", "id": "VHN-38189" }, { "date": "2009-02-26T00:00:00", "db": "BID", "id": "33915" }, { "date": "2009-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "date": "2009-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200902-664" }, { "date": "2009-02-27T17:30:09.877000", "db": "NVD", "id": "CVE-2009-0743" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-17T00:00:00", "db": "VULHUB", "id": "VHN-38189" }, { "date": "2009-02-26T17:47:00", "db": "BID", "id": "33915" }, { "date": "2009-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001574" }, { "date": "2009-03-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200902-664" }, { "date": "2024-11-21T01:00:48.883000", "db": "NVD", "id": "CVE-2009-0743" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200902-664" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Unified MeetingPlace Web Conferencing of Web Server Account change page cross-site scripting vulnerability", "sources": [ { 
"db": "JVNDB", "id": "JVNDB-2009-001574" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-200902-664" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.