CVE-2007-5581

Published Nov 8, 2007

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91CE83B7-B949-41A6-A4F3-8EA50BA3F91E",
            "versionEndIncluding": "5.4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A09BEA0D-EFC8-4144-A9FE-6FE39DD52F0A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "866113FB-7474-44EE-9831-578034C2F246"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF24766A-D95A-4D07-82AC-04C13C61493D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6B93B69-FFE0-4708-BD91-5FE16B6B8ACF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BEEA514-EE52-4BB3-97BD-04246D6F6D7B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8F37B63-53F3-4497-BF6D-22E1C1D5D2C3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52D721B4-C0B8-4B7C-8C18-6B6B699B48E0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References