Cross-Site Scripting Vulnerability in Cisco TelePresence Collaboration Software
CVE-2015-0696

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Tc Software
Vendor: CVE Published:; 15 April 2015

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the login page of Cisco TelePresence Collaboration Desk and Room Endpoints running TC Software before version 7.1.0. This flaw permits remote attackers to inject arbitrary web scripts or HTML code via unspecified vectors. Successful exploitation could lead to unauthorized actions by the users of affected systems, potentially exposing sensitive information and undermining system integrity. Users are advised to update to the latest software version to mitigate this risk.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032137

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Apr 15, 2015
Vulnerability Reserved
Jan 7, 2015