- Description
- Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52D721B4-C0B8-4B7C-8C18-6B6B699B48E0"
},
{
"criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1B3B645-4500-4B63-8D1A-1139537DA522"
}
],
"operator": "OR"
}
]
}
]