Cross-Site Scripting Vulnerability in Cisco Unified MeetingPlace for Microsoft Outlook
CVE-2015-0762

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 4 June 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the management interface of Cisco Unified MeetingPlace versions 8.6(1.2) and 8.6(1.9) for Microsoft Outlook. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML code through specially crafted URL values. Successful exploitation enables attackers to manipulate session data, redirect users, or expose sensitive information without user consent.

References

http://www.securitytracker.com/id/1032470

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jun 4, 2015
Vulnerability Reserved
Jan 7, 2015