CVE-2011-2544

Cisco Telepresence System 1000 Mxp < f9.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

Exploits (1)

exploitdb WRITEUP

by Sense of Security · textwebappshardware

https://www.exploit-db.com/exploits/17871

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/46057

[Vendor Advisory] http://secunia.com/advisories/46109

[Exploit] http://www.exploit-db.com/exploits/17871

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69906

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/519698/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49670

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1026072

[Third Party Advisory] http://securityreason.com/securityalert/8393

Scores

EPSS 0.0422

EPSS Percentile 88.6%

Classification

CWE

CWE-79

Status published

Affected Products (8)

cisco/telepresence_system_1000_mxp

cisco/telepresence_system_1700_mxp

cisco/telepresence_mxp_software < f9.1

cisco/telepresence_mxp_software

cisco/telepresence_mxp_software

cisco/telepresence_mxp_software

cisco/telepresence_mxp_software

n/a/n/a

Timeline

Published Sep 23, 2011

Tracked Since Feb 18, 2026