Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3294

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3294
Last Modified 14 May 2012 12:00:00
Published 19 Oct 2011 11:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3294

Summary

Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.

Vulnerable Systems

Application

  • Cisco Telepresence Video Communication Servers Software X5.2

  • Cisco Telepresence Video Communication Servers Software X6.0

  • Cisco Telepresence Video Communication Servers Software X6.1


References

XF - cisco-telepresence-useragent-xss(70563)

BID - 50084

CISCO - 20111012 Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability

SECTRACK - 1026186


Last Updated: 27 May 2016 10:57:41