
Test ID: 1.3.6.1.4.1.25623.1.0.803167
Category: CISCO
Title: Cisco Unity Express Multiple XSS and CSRF Vulnerabilities
Summary: The host is installed with Cisco Unity Express and is prone to multiple cross-site scripting and request forgery vulnerabilities.
Description:
Summary:
The host is installed with Cisco Unity Express and is prone to
multiple cross-site scripting and request forgery vulnerabilities.

Vulnerability Insight:
- Input passed via the 'gui_pagenotableData' parameter to Web/SA2/ScriptList.do
and the 'holiday.description' parameter to /Web/SA3/AddHoliday.do is not
properly sanitized before being returned to the user.

- The application allows users to perform certain actions via HTTP requests
without performing proper validity checks to verify the requests.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary HTML
and script code in a user's browser session in the context of an affected site and
perform certain actions when a logged-in user visits a specially crafted web page.

Affected Software/OS:
Cisco Unity Express version 7.x

Solution:
Upgrade to Cisco Unity Express 8.0 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 57677
BugTraq ID: 57678
Common Vulnerability Exposure (CVE) ID: CVE-2013-1114
Cisco Security Advisory: 20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114
Common Vulnerability Exposure (CVE) ID: CVE-2013-1120
Cisco Security Advisory: 20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120
Copyright: Copyright (C) 2013 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.