Cisco Products Online Help 多个跨站脚本攻击漏洞-一一网

漏洞信息详情

Cisco Products Online Help 多个跨站脚本攻击漏洞

CNNVD编号：CNNVD-200703-426

危害等级：低危
CVE编号：
CVE-2007-1467
漏洞类型：

跨站脚本
发布时间：

2007-03-16
威胁类型：

远程
更新时间：

2007-03-22
厂商：

cisco
漏洞来源：
Erwin Paternotte f…

漏洞简介

Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks和相关产品，Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC)和Wireless Control System (WCS)中的(1)PreSearch.html和(2)PreSearch.class文件存在多个跨站脚本攻击漏洞。远程攻击者可以借助搜索格式的文本字段，注入任意的web脚本或HTML。

漏洞公告

参考网址

来源: BID
名称: 22982
链接:http://www.securityfocus.com/bid/22982

来源: BUGTRAQ
名称: 20070315 Re: XSS vulnerability in the online help system of several Cisco products
链接:http://www.securityfocus.com/archive/1/archive/1/462944/100/0/threaded

来源: BUGTRAQ
名称: 20070315 XSS vulnerability in the online help system of several Cisco products
链接:http://www.securityfocus.com/archive/1/archive/1/462932/100/0/threaded

来源: CISCO
名称: 20070315 Cross-Site Scripting Vulnerability in Online Help System
链接:http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html

来源: XF
名称: cisco-presearch-xss(33024)
链接:http://xforce.iss.net/xforce/xfdb/33024

来源: SECTRACK
名称: 1017778
链接:http://www.securitytracker.com/id?1017778

来源: VUPEN
名称: ADV-2007-0973
链接:http://www.frsirt.com/english/advisories/2007/0973

来源: SREASON
名称: 2437
链接:http://securityreason.com/securityalert/2437

来源: SECUNIA
名称: 24499
链接:http://secunia.com/advisories/24499