[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Cisco Unified MeetingPlace Web Conferencing Stored Cross Site
From:       security.assurance () nab ! com ! au
Date:       2009-02-25 23:33:48
Message-ID: 20090225233348.29357.qmail () securityfocus ! com
[Download RAW message or body]

Title: 	Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting \
Vulnerability


CVE Identifier: N/A
____________

Credit: 
Security Assurance Team of the National Australia Bank.

The vendor was advised of this vulnerability prior to its public release.  National \
Australia Bank adheres to the “Guidelines for Security Vulnerability Reporting and \
Response V2.0” document when issuing Security Advisories.  

Class: 	Stored Cross Site Scripting
____________

Remote:	Yes
____________

Local:	No
____________


Vulnerable: 
Cisco Unified Meeting Place 6.0 and possibly 7.0 – other versions may also be \
vulnerable. ____________  

Not Vulnerable:	
____________

Vendor:	Cisco
____________

Discussion:
Cisco Unified Meeting Place is a suite of products used for remote voice, video and \
web conferencing.  The Cisco Unified Meeting Place web interface allows users to \
schedule and attend conferences.

Each user has the ability to modify their own account settings such as their name, \
telephone extension, email address etc. National Australia Bank’s Security Assurance \
Team have identified a stored cross site scripting vulnerability that could be \
exploited by a malicious user to execute code within another user's browser when they \
view a meeting created by the malicious user.

____________

Exploit:
The “E-mail Address” field of this profile page is vulnerable to stored cross site \
scripting attacks. 

If a user enters the following in the email field, the code within the script tags \
will be executed whenever that user’s profile data is viewed by other users, \
including when viewing the details of a meeting created by this user:  \
"><script>INSERT JAVASCRIPT HERE</script>

Solution: 
No workaround available.

This vulnerability is fixed in Cisco Unified MeetingPlace Web Conferencing software \
version 6.0(517.0) also known as Maintenance Release 4 (MR4) for the 6.0 release, and \
version 7.0(2) also known as Maintenance Release 1 (MR1) for the 7.0 release. 

____________

References:  

Vendor Homepage: 
http://www.cisco.com


[prev in list] [next in list] [prev in thread] [next in thread]