Details of VAR-201302-0385

ID

VAR-201302-0385

CVE

CVE-2013-1123

TITLE

Cisco Unified MeetingPlace Server cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-001584

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuc65411. This solution provides a user environment that integrates voice, video and Web conferencing. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Unified MeetingPlace Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA52109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52109 RELEASE DATE: 2013-02-11 DISCUSS ADVISORY: http://secunia.com/advisories/52109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1123 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2013-1123 // JVNDB: JVNDB-2013-001584 // BID: 57885 // VULHUB: VHN-61125 // PACKETSTORM: 120193

AFFECTED PRODUCTS

vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.0	Trust: 2.4
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.1.26	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	unified meetingplace hotfix 5f	scope:	eq	version:	7.0(2.3)	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7	Trust: 0.3

sources: BID: 57885 // JVNDB: JVNDB-2013-001584 // CNNVD: CNNVD-201302-271 // NVD: CVE-2013-1123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1123
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1123
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201302-271
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61125
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1123
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61125
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61125 // JVNDB: JVNDB-2013-001584 // CNNVD: CNNVD-201302-271 // NVD: CVE-2013-1123

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-61125 // JVNDB: JVNDB-2013-001584 // NVD: CVE-2013-1123

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-271

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 120193 // CNNVD: CNNVD-201302-271

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001584

PATCH

title:	Cisco Unified MeetingPlace Server Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1123	Trust: 0.8
title:	28228	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28228	Trust: 0.8

sources: JVNDB: JVNDB-2013-001584

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1123	Trust: 2.9
db:	BID	id:	57885	Trust: 2.0
db:	SECUNIA	id:	52109	Trust: 1.9
db:	OSVDB	id:	90075	Trust: 1.7
db:	JVNDB	id:	JVNDB-2013-001584	Trust: 0.8
db:	CNNVD	id:	CNNVD-201302-271	Trust: 0.7
db:	CISCO	id:	20130207 CISCO UNIFIED MEETINGPLACE SERVER CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	XF	id:	81986	Trust: 0.6
db:	VULHUB	id:	VHN-61125	Trust: 0.1
db:	PACKETSTORM	id:	120193	Trust: 0.1

sources: VULHUB: VHN-61125 // BID: 57885 // JVNDB: JVNDB-2013-001584 // PACKETSTORM: 120193 // CNNVD: CNNVD-201302-271 // NVD: CVE-2013-1123

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1123	Trust: 2.1
url:	http://www.securityfocus.com/bid/57885	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=28228	Trust: 1.7
url:	http://osvdb.org/90075	Trust: 1.7
url:	http://secunia.com/advisories/52109	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/81986	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1123	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1123	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/81986	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html	Trust: 0.3
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=52109	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/52109/#comments	Trust: 0.1
url:	http://secunia.com/advisories/52109/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-61125 // BID: 57885 // JVNDB: JVNDB-2013-001584 // PACKETSTORM: 120193 // CNNVD: CNNVD-201302-271 // NVD: CVE-2013-1123

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 57885

SOURCES

db:	VULHUB	id:	VHN-61125
db:	BID	id:	57885
db:	JVNDB	id:	JVNDB-2013-001584
db:	PACKETSTORM	id:	120193
db:	CNNVD	id:	CNNVD-201302-271
db:	NVD	id:	CVE-2013-1123

LAST UPDATE DATE

2025-04-11T22:59:12.154000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61125	date:	2017-08-29T00:00:00
db:	BID	id:	57885	date:	2013-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-001584	date:	2013-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201302-271	date:	2013-02-20T00:00:00
db:	NVD	id:	CVE-2013-1123	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61125	date:	2013-02-15T00:00:00
db:	BID	id:	57885	date:	2013-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-001584	date:	2013-02-18T00:00:00
db:	PACKETSTORM	id:	120193	date:	2013-02-11T06:47:34
db:	CNNVD	id:	CNNVD-201302-271	date:	2013-02-20T00:00:00
db:	NVD	id:	CVE-2013-1123	date:	2013-02-15T12:09:28.977