
Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability



Title:  Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting 
Vulnerability


CVE Identifier: N/A
____________

Credit: 
Security Assurance Team of the National Australia Bank.

The vendor was advised of this vulnerability prior to its public release.  
National Australia Bank adheres to the "Guidelines for Security Vulnerability 
Reporting and Response V2.0" document when issuing Security Advisories.  

Class:  Stored Cross Site Scripting
____________

Remote: Yes
____________

Local:  No
____________


Vulnerable: 
Cisco Unified Meeting Place 6.0 and possibly 7.0 - other versions may also be 
vulnerable.
____________  

Not Vulnerable: 
____________

Vendor: Cisco
____________

Discussion:
Cisco Unified Meeting Place is a suite of products used for remote voice, video 
and web conferencing.  The Cisco Unified Meeting Place web interface allows 
users to schedule and attend conferences.

Each user has the ability to modify their own account settings such as their 
name, telephone extension, email address etc. National Australia Bank's 
Security Assurance Team have identified a stored cross site scripting 
vulnerability that could be exploited by a malicious user to execute code 
within another user's browser when they view a meeting created by the malicious 
user.

____________

Exploit:
The "E-mail Address" field of this profile page is vulnerable to stored cross 
site scripting attacks. 

If a user enters the following in the email field, the code within the script 
tags will be executed whenever that user's profile data is viewed by other 
users, including when viewing the details of a meeting created by this user: 
"><script>INSERT JAVASCRIPT HERE</script>
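
The leading "> in the string above closes a double-quoted attribute and the 
tag around it, which is why the markup that follows is parsed as a new element. 
The sketch below is an added example, not part of the original advisory and not 
Cisco's code: the <input> template, the function names and the address pattern 
are assumptions used to compare raw and attribute-encoded output of the stored 
value.

```python
import html
import re
from html.parser import HTMLParser

# Payload shape quoted in the advisory, placeholder left untouched.
PAYLOAD = '"><script>INSERT JAVASCRIPT HERE</script>'

# Conservative address pattern (assumption, not the vendor's validation rule).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def is_valid_email(value):
    """Input-side check: reject values that are not a plain address."""
    return EMAIL_RE.fullmatch(value) is not None


def render_unsafe(email):
    """Hypothetical vulnerable template: stored value concatenated as-is."""
    return '<input type="text" name="email" value="' + email + '">'


def render_safe(email):
    """Same template, value encoded for a double-quoted HTML attribute."""
    return '<input type="text" name="email" value="' + html.escape(email, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records the start tags and the email field value an HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def parse(markup):
    """Return (start tags, value of the input field) for a rendered fragment."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.value


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        tags, value = parse(render(PAYLOAD))
        print(label, "tags:", tags, "field value:", repr(value))
    print("accepted at input:", is_valid_email(PAYLOAD))
```

Encoding at output is the control that keeps the stored value inside the 
attribute; the input check is defence in depth on top of it.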

Solution: 
No workaround available.

This vulnerability is fixed in Cisco Unified MeetingPlace Web Conferencing 
software version 6.0(517.0) also known as Maintenance Release 4 (MR4) for the 
6.0 release, and version 7.0(2) also known as Maintenance Release 1 (MR1) for 
the 7.0 release. 

____________

References:  

Vendor Homepage: 
http://www.cisco.com