CVE-2007-5581

Cisco Unified Meetingplace < 5.4 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.

References (6)

[Vendor Advisory] http://secunia.com/advisories/26462

[Vendor Advisory] http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26364

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38298

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018904

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3772

Scores

EPSS 0.0055

EPSS Percentile 67.7%

Classification

CWE

CWE-79

Status draft

Affected Products (8)

cisco/unified_meetingplace < 5.4

cisco/unified_meetingplace

Timeline

Published Nov 08, 2007

Tracked Since Feb 18, 2026