XSS in Cisco Telepresence_mxp_software
CVE-2011-2544
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resul…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.042 (89.0th percentile) — read the EPSS interpretation.
Affected products
- Cisco Telepresence_mxp_software — versions f8.2, f9.0, f9.0.1
- Cisco Telepresence_system_1000_mxp
- Cisco Telepresence_system_1700_mxp
- N/a — versions n/a
Weakness classification (CWE)
References
- 49670 (vdb-entry, x_refsource_BID)
- 8393 (x_refsource_SREASON, third-party-advisory)
- 46057 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 46109 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 1026072 (vdb-entry, x_refsource_SECTRACK)
- 20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010 (mailing-list, x_refsource_BUGTRAQ)
- 17871 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- cisco-telepresence-h323-sip-xss(69906) (vdb-entry, x_refsource_XF)