Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4542

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-4542
Last Modified 07 Mar 2011 10:12:38
Published 13 Oct 2008 04:00:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4542

Summary

Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).

Vulnerable Systems

Application

  • Cisco Unity 4.0

  • Cisco Unity 4.0%281%29

  • Cisco Unity 4.0%282%29

  • Cisco Unity 4.0%283%29

  • Cisco Unity 4.0%284%29

  • Cisco Unity 4.0%285%29

  • Cisco Unity 4.1%281%29

  • Cisco Unity 4.2%281%29

  • Cisco Unity 5.0

  • Cisco Unity 5.0%281%29

  • Cisco Unity 7.0

  • Cisco Unity 7.0%282%29


References

XF - cisco-unityserver-stored-data-xss(45744)

VUPEN - ADV-2008-2771

MISC - http://www.voipshield.com/research-details.php?id=127

BID - 31642

CISCO - 20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server

SECTRACK - 1021012

SECUNIA - 32207


Last Updated: 27 May 2016 10:48:32