CVE-2009-0743

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.

Published: Feb 27, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0743
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
cisco / unified_meetingplace	7.0	7.0.x
cisco / unified_meetingplace	6.0	6.0.x

http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html
http://www.securityfocus.com/archive/1/501251/30/0/threaded
http://www.securityfocus.com/bid/33915
http://www.securitytracker.com/id?1021778
https://exchange.xforce.ibmcloud.com/vulnerabilities/48965

Vulnerability Database

289,784

CVE-2009-0743