Multiple Cross-Site Scripting Vulnerabilities in Cisco Products
CVE-2007-1467

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Video Advantage; Unified Videoconferencing Manager; Vpn Client; Unified Personal Communicator
Vendor: CVE Published:; 16 March 2007

Summary

Multiple products from Cisco are susceptible to cross-site scripting vulnerabilities due to flaws in the online help system within various components. This issue allows attackers to inject arbitrary web scripts or HTML through the search form's text field, compromising user security. It is critical that all administrators review the affected product versions and implement necessary updates to safeguard against potential exploitation.

References

http://www.securityfocus.com/archive/1/462932/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

http://securityreason.com/securityalert/2437

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Mar 16, 2007
Vulnerability Reserved
Mar 16, 2007