Описание
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.4 (включая)
Одно из
cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00551
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
EPSS
Процентиль: 67%
0.00551
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79