Test ID: | 1.3.6.1.4.1.25623.1.0.803167 |
Category: | CISCO |
Title: | Cisco Unity Express Multiple XSS and CSRF Vulnerabilities |
Summary: | The host is installed with Cisco Unity Express and is prone to multiple cross-site scripting and request forgery vulnerabilities. |
Description: |
Summary: The host is installed with Cisco Unity Express and is prone to multiple cross-site scripting and request forgery vulnerabilities.
Vulnerability Insight:
- Input passed via the 'gui_pagenotableData' parameter to Web/SA2/ScriptList.do and the 'holiday.description' parameter to /Web/SA3/AddHoliday.do is not properly sanitized before being returned to the user.
- The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests.
Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and perform certain actions when a logged-in user visits a specially crafted web page.
Affected Software/OS: Cisco Unity Express version 7.x
Solution: Upgrade to Cisco Unity Express 8.0 or later.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-reference: |
BugTraq ID: 57677
BugTraq ID: 57678
Common Vulnerability Exposure (CVE) ID: CVE-2013-1114
Cisco Security Advisory: 20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114
Common Vulnerability Exposure (CVE) ID: CVE-2013-1120
Cisco Security Advisory: 20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120 |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |