CVE-2015-0758
Cisco Unified MeetingPlace 8.6(1.9) - XML External Entity Injection via Web Interface
Title source: llmDescription
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032448
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39130
Scores
EPSS
0.0163
EPSS Percentile
73.3%
Details
CWE
CWE-200
Status
published
Products (1)
cisco/unified_meetingplace
8.6\(1.9\)
Published
May 30, 2015
Tracked Since
Feb 18, 2026