Cisco Unified MeetingPlace SQL Injection and Cross Site Scripting Vulnerabilities

Cisco Unified MeetingPlace is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Cisco Unified MeetingPlace versions prior to 7.1.2.6 (MR1) are affected.


 

Privacy Statement
Copyright 2010, SecurityFocus