Vigil@nce: Cisco Unified MeetingPlace, Cross Site Scripting
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A user of Cisco Unified MeetingPlace can trigger a Cross Site
Scripting attack in the web browsers of other users.
Gravity: 2/4
Consequences: client access/rights
Provenance: user account
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 27/02/2009
IMPACTED PRODUCTS
– Cisco Unified Communications Manager
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified MeetingPlace Web Conferencing product is used to
create web conferences. Every user can change the parameters of his
account (name, phone number, email, etc.), and every user can view
the profiles of other users.
However, the page that displays a user's profile does not filter the
email address. An attacker with a valid account can therefore set his
email address to contain JavaScript code, which is executed when other
users display the attacker's profile.
A user of Cisco Unified MeetingPlace can therefore trigger a Cross
Site Scripting attack in the web browsers of other users.
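The defect described above, as an added illustration that is not Cisco's code: a profile renderer that echoes the stored email field verbatim, beside one that entity-encodes every user-controlled field at output time, plus an input-side format check for the profile update. The user records and field names are constructed.

```python
import html
import re

# Constructed sample profile records (not from the advisory). The second
# email holds markup of the kind the advisory says the profile page echoed
# without filtering.
PROFILES = {
    "alice": {"name": "Alice", "phone": "555-0100",
              "email": "alice@example.com"},
    "mallory": {"name": "Mallory", "phone": "555-0199",
                "email": "m@example.com<script>alert(1)</script>"},
}


def render_profile_unfiltered(user: str) -> str:
    """Vulnerable pattern: user-controlled fields are concatenated into
    HTML as-is, so markup stored in the email field reaches the browser of
    every user who views this profile."""
    p = PROFILES[user]
    return (f"<h1>{p['name']}</h1>"
            f"<p>Phone: {p['phone']}</p>"
            f"<p>Email: {p['email']}</p>")


def render_profile_escaped(user: str) -> str:
    """Hardened pattern: every user-controlled value is HTML-entity encoded
    when it is written into the page, whatever was accepted on input."""
    p = PROFILES[user]
    return (f"<h1>{html.escape(p['name'])}</h1>"
            f"<p>Phone: {html.escape(p['phone'])}</p>"
            f"<p>Email: {html.escape(p['email'])}</p>")


# Deliberately simple address syntax; a real deployment would use its
# framework's validator. This is defence in depth, not a substitute for
# output encoding.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def is_valid_email(value: str) -> bool:
    """Input-side check for the profile update form: rejects values that
    cannot be an email address, including anything containing '<' or '>'."""
    return EMAIL_RE.fullmatch(value) is not None
```

Escaping at output time is the fix that closes the issue for data already stored; the input check only keeps new junk out of the profile table.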
CHARACTERISTICS
Identifiers: 109480, BID-33915, cisco-sa-20090225-mtgplace,
CSCsv66321, VIGILANCE-VUL-8496
http://vigilance.fr/vulnerability/Cisco-Unified-MeetingPlace-Cross-Site-Scripting-8496