Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability
From: security.assurance@xxxxxxxxxx
Date: 25 Feb 2009 23:33:48 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Title:  Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting 
Vulnerability


CVE Identifier: N/A
____________

Credit: 
Security Assurance Team of the National Australia Bank.

The vendor was advised of this vulnerability prior to its public release.  
National Australia Bank adheres to the ?Guidelines for Security Vulnerability 
Reporting and Response V2.0? document when issuing Security Advisories.  

Class:  Stored Cross Site Scripting
____________

Remote: Yes
____________

Local:  No
____________


Vulnerable: 
Cisco Unified Meeting Place 6.0 and possibly 7.0 ? other versions may also be 
vulnerable.
____________  

Not Vulnerable: 
____________

Vendor: Cisco
____________

Discussion:
Cisco Unified Meeting Place is a suite of products used for remote voice, video 
and web conferencing.  The Cisco Unified Meeting Place web interface allows 
users to schedule and attend conferences.

Each user has the ability to modify their own account settings such as their 
name, telephone extension, email address etc. National Australia Bank?s 
Security Assurance Team have identified a stored cross site scripting 
vulnerability that could be exploited by a malicious user to execute code 
within another user's browser when they view a meeting created by the malicious 
user.

____________

Exploit:
The ?E-mail Address? field of this profile page is vulnerable to stored cross 
site scripting attacks. 

If a user enters the following in the email field, the code within the script 
tags will be executed whenever that user?s profile data is viewed by other 
users, including when viewing the details of a meeting created by this user: 
"><script>INSERT JAVASCRIPT HERE</script>

Solution: 
No workaround available.

This vulnerability is fixed in Cisco Unified MeetingPlace Web Conferencing 
software version 6.0(517.0) also known as Maintenance Release 4 (MR4) for the 
6.0 release, and version 7.0(2) also known as Maintenance Release 1 (MR1) for 
the 7.0 release. 

____________

References:  

Vendor Homepage: 
http://www.cisco.com

Prev by Date: [ MDVSA-2009:055 ] audacity
Next by Date: Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
Previous by thread: [ MDVSA-2009:055 ] audacity
Next by thread: Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
Index(es):
- Date
- Thread