cvelistv5 - cve-2007-5581

CVE-2007-5581 (GCVE-0-2007-5581)

Vulnerability from cvelistv5

Published

2007-11-08 02:00

Modified

2024-08-07 15:39

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/26462	Vendor Advisory
psirt@cisco.com	http://securitytracker.com/id?1018904
psirt@cisco.com	http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/26364
psirt@cisco.com	http://www.vupen.com/english/advisories/2007/3772
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38298
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26462	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018904
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26364
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3772
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38298

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:39:13.545Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20071107 Cisco Unified MeetingPlace XSS Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
               },
               {
                  name: "26462",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26462",
               },
               {
                  name: "1018904",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018904",
               },
               {
                  name: "26364",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/26364",
               },
               {
                  name: "cisco-meetingplace-mpx-xss(38298)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
               },
               {
                  name: "ADV-2007-3772",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3772",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-11-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20071107 Cisco Unified MeetingPlace XSS Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
            },
            {
               name: "26462",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26462",
            },
            {
               name: "1018904",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018904",
            },
            {
               name: "26364",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/26364",
            },
            {
               name: "cisco-meetingplace-mpx-xss(38298)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
            },
            {
               name: "ADV-2007-3772",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3772",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2007-5581",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20071107 Cisco Unified MeetingPlace XSS Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
                  },
                  {
                     name: "26462",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26462",
                  },
                  {
                     name: "1018904",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018904",
                  },
                  {
                     name: "26364",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/26364",
                  },
                  {
                     name: "cisco-meetingplace-mpx-xss(38298)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
                  },
                  {
                     name: "ADV-2007-3772",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/3772",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2007-5581",
      datePublished: "2007-11-08T02:00:00",
      dateReserved: "2007-10-19T00:00:00",
      dateUpdated: "2024-08-07T15:39:13.545Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.4\", \"matchCriteriaId\": \"91CE83B7-B949-41A6-A4F3-8EA50BA3F91E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A09BEA0D-EFC8-4144-A9FE-6FE39DD52F0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"866113FB-7474-44EE-9831-578034C2F246\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF24766A-D95A-4D07-82AC-04C13C61493D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B93B69-FFE0-4708-BD91-5FE16B6B8ACF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BEEA514-EE52-4BB3-97BD-04246D6F6D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8F37B63-53F3-4497-BF6D-22E1C1D5D2C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52D721B4-C0B8-4B7C-8C18-6B6B699B48E0\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en mpweb/scripts/mpx.dll de Cisco Unified MeetingPlace 5.4 y anteriores y 6.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\\u00f3n a trav\\u00e9s de los par\\u00e1metros (1) FirstName y (2) LastName.\"}]",
         id: "CVE-2007-5581",
         lastModified: "2024-11-21T00:38:14.857",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
         published: "2007-11-08T02:46:00.000",
         references: "[{\"url\": \"http://secunia.com/advisories/26462\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018904\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/26364\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3772\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38298\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/26462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/26364\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38298\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "ykramarz@cisco.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2007-5581\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2007-11-08T02:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.\"},{\"lang\":\"es\",\"value\":\"Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en mpweb/scripts/mpx.dll de Cisco Unified MeetingPlace 5.4 y anteriores y 6.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) FirstName y (2) LastName.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.4\",\"matchCriteriaId\":\"91CE83B7-B949-41A6-A4F3-8EA50BA3F91E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A09BEA0D-EFC8-4144-A9FE-6FE39DD52F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"866113FB-7474-44EE-9831-578034C2F246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF24766A-D95A-4D07-82AC-04C13C61493D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B93B69-FFE0-4708-BD91-5FE16B6B8ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BEEA514-EE52-4BB3-97BD-04246D6F6D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F37B63-53F3-4497-BF6D-22E1C1D5D2C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D721B4-C0B8-4B7C-8C18-6B6B699B48E0\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/26462\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018904\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/26364\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3772\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38298\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/26462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/26364\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}

fkie_cve-2007-5581

Vulnerability from fkie_nvd

Published

2007-11-08 02:46

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/26462	Vendor Advisory
psirt@cisco.com	http://securitytracker.com/id?1018904
psirt@cisco.com	http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/26364
psirt@cisco.com	http://www.vupen.com/english/advisories/2007/3772
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38298
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26462	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018904
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26364
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3772
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38298

Impacted products

Vendor	Product	Version
cisco	unified_meetingplace	*
cisco	unified_meetingplace	4.3.0.246
cisco	unified_meetingplace	4.3.0.246.5
cisco	unified_meetingplace	5
cisco	unified_meetingplace	5.0
cisco	unified_meetingplace	5.2
cisco	unified_meetingplace	5.3
cisco	unified_meetingplace	6.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "91CE83B7-B949-41A6-A4F3-8EA50BA3F91E",
                     versionEndIncluding: "5.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*",
                     matchCriteriaId: "A09BEA0D-EFC8-4144-A9FE-6FE39DD52F0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "866113FB-7474-44EE-9831-578034C2F246",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF24766A-D95A-4D07-82AC-04C13C61493D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6B93B69-FFE0-4708-BD91-5FE16B6B8ACF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BEEA514-EE52-4BB3-97BD-04246D6F6D7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8F37B63-53F3-4497-BF6D-22E1C1D5D2C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D721B4-C0B8-4B7C-8C18-6B6B699B48E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en mpweb/scripts/mpx.dll de Cisco Unified MeetingPlace 5.4 y anteriores y 6.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) FirstName y (2) LastName.",
      },
   ],
   id: "CVE-2007-5581",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2007-11-08T02:46:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26462",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1018904",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/26364",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2007/3772",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26462",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018904",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/26364",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/3772",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

ghsa-36mh-7278-8282

Vulnerability from github

Published

2022-05-01 18:34

Modified

2022-05-01 18:34

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2007-5581",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-79",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2007-11-08T02:46:00Z",
      severity: "MODERATE",
   },
   details: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
   id: "GHSA-36mh-7278-8282",
   modified: "2022-05-01T18:34:54Z",
   published: "2022-05-01T18:34:54Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5581",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
      },
      {
         type: "WEB",
         url: "http://secunia.com/advisories/26462",
      },
      {
         type: "WEB",
         url: "http://securitytracker.com/id?1018904",
      },
      {
         type: "WEB",
         url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/26364",
      },
      {
         type: "WEB",
         url: "http://www.vupen.com/english/advisories/2007/3772",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

gsd-2007-5581

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5581

Aliases

CVE-2007-5581

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2007-5581",
      description: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
      id: "GSD-2007-5581",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2007-5581",
         ],
         details: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
         id: "GSD-2007-5581",
         modified: "2023-12-13T01:21:40.808964Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "psirt@cisco.com",
            ID: "CVE-2007-5581",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "20071107 Cisco Unified MeetingPlace XSS Vulnerability",
                  refsource: "CISCO",
                  url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
               },
               {
                  name: "26462",
                  refsource: "SECUNIA",
                  url: "http://secunia.com/advisories/26462",
               },
               {
                  name: "1018904",
                  refsource: "SECTRACK",
                  url: "http://securitytracker.com/id?1018904",
               },
               {
                  name: "26364",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/26364",
               },
               {
                  name: "cisco-meetingplace-mpx-xss(38298)",
                  refsource: "XF",
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
               },
               {
                  name: "ADV-2007-3772",
                  refsource: "VUPEN",
                  url: "http://www.vupen.com/english/advisories/2007/3772",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2007-5581",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20071107 Cisco Unified MeetingPlace XSS Vulnerability",
                     refsource: "CISCO",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
                  },
                  {
                     name: "26462",
                     refsource: "SECUNIA",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://secunia.com/advisories/26462",
                  },
                  {
                     name: "26364",
                     refsource: "BID",
                     tags: [],
                     url: "http://www.securityfocus.com/bid/26364",
                  },
                  {
                     name: "1018904",
                     refsource: "SECTRACK",
                     tags: [],
                     url: "http://securitytracker.com/id?1018904",
                  },
                  {
                     name: "ADV-2007-3772",
                     refsource: "VUPEN",
                     tags: [],
                     url: "http://www.vupen.com/english/advisories/2007/3772",
                  },
                  {
                     name: "cisco-meetingplace-mpx-xss(38298)",
                     refsource: "XF",
                     tags: [],
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 8.6,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: true,
            },
         },
         lastModifiedDate: "2017-07-29T01:33Z",
         publishedDate: "2007-11-08T02:46Z",
      },
   },
}

Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. Exploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks. These issues affect Unified MeetingPlace 6.0, 5.4, 5.3, and prior versions. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing. An input filtering vulnerability exists when MeetingPlace processes user data.

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

Input passed to certain parameters (e.g."FirstName" and "LastName") in mpweb/scripts/mpx.dll is not properly sanitised before being returned to a user. These can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION: Apply hotfix 5.4.156.2E or 6.0.244.1A, available via Cisco TAC (Technical Assistance Center).

PROVIDED AND/OR DISCOVERED BY: Joren McReynolds

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0277",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "unified meetingplace",
            scope: "lte",
            trust: 1.8,
            vendor: "cisco",
            version: "5.4",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.0",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.2",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "6.0",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "4.3.0.246",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "4.3.0.246.5",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.3",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "and  6.0",
         },
         {
            model: "unified meetingplace",
            scope: "eq",
            trust: 0.6,
            vendor: "cisco",
            version: "5.4",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.3.447",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0.170.0",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.4.70.0",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.3.447.4",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.3.333.0",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.3.104.3",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.3.104.0",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.3.0.246.5",
         },
         {
            model: "unified meetingplace web conference",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.3.0.246",
         },
         {
            model: "unified meetingplace web conference .1a",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0.244",
         },
         {
            model: "unified meetingplace web conference .2e",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "5.4.156",
         },
         {
            model: "unified meetingplace web conference",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0.639.10",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "26364",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_meetingplace:4.3.0.246:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Joren McReynolds",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2007-5581",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2007-5581",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-28943",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2007-5581",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200711-116",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-28943",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. \nExploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks. \nThese issues affect Unified MeetingPlace 6.0, 5.4, 5.3, and prior versions. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing. An input filtering vulnerability exists when MeetingPlace processes user data. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nInput passed to certain parameters (e.g.\"FirstName\" and \"LastName\")\nin mpweb/scripts/mpx.dll is not properly sanitised before being\nreturned to a user. These can be exploited to execute arbitrary HTML\nand script code in a user's browser session in context of an affected\nsite. \n\nSOLUTION:\nApply hotfix 5.4.156.2E or 6.0.244.1A, available via Cisco TAC\n(Technical Assistance Center). \n\nPROVIDED AND/OR DISCOVERED BY:\nJoren McReynolds\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "BID",
            id: "26364",
         },
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            db: "PACKETSTORM",
            id: "60752",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2007-5581",
            trust: 2.8,
         },
         {
            db: "BID",
            id: "26364",
            trust: 2,
         },
         {
            db: "SECUNIA",
            id: "26462",
            trust: 1.8,
         },
         {
            db: "VUPEN",
            id: "ADV-2007-3772",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1018904",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
            trust: 0.8,
         },
         {
            db: "CISCO",
            id: "20071107 CISCO UNIFIED MEETINGPLACE XSS VULNERABILITY",
            trust: 0.6,
         },
         {
            db: "XF",
            id: "38298",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-28943",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "60752",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            db: "BID",
            id: "26364",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "PACKETSTORM",
            id: "60752",
         },
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   id: "VAR-200711-0277",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T13:10:20.918000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Document ID: 626",
            trust: 0.8,
            url: "http://tools.cisco.com/security/center/content/ciscosecurityresponse/cisco-sr-20071107-mp",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.1,
            url: "http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml",
         },
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/26364",
         },
         {
            trust: 1.7,
            url: "http://securitytracker.com/id?1018904",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/26462",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2007/3772",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38298",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5581",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5581",
         },
         {
            trust: 0.6,
            url: "http://www.frsirt.com/english/advisories/2007/3772",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/38298",
         },
         {
            trust: 0.3,
            url: "http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/product/13661/",
         },
         {
            trust: 0.1,
            url: "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/26462/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/about_secunia_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/product/13663/",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            db: "BID",
            id: "26364",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "PACKETSTORM",
            id: "60752",
         },
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            db: "BID",
            id: "26364",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            db: "PACKETSTORM",
            id: "60752",
         },
         {
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2007-11-08T00:00:00",
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            date: "2007-11-07T00:00:00",
            db: "BID",
            id: "26364",
         },
         {
            date: "2012-06-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            date: "2007-11-07T20:19:41",
            db: "PACKETSTORM",
            id: "60752",
         },
         {
            date: "2007-11-08T02:46:00",
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            date: "2007-11-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-07-29T00:00:00",
            db: "VULHUB",
            id: "VHN-28943",
         },
         {
            date: "2010-07-08T17:17:00",
            db: "BID",
            id: "26364",
         },
         {
            date: "2012-06-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
         {
            date: "2017-07-29T01:33:44.507000",
            db: "NVD",
            id: "CVE-2007-5581",
         },
         {
            date: "2007-11-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Unified MeetingPlace of  mpweb/scripts/mpx.dll Vulnerable to cross-site scripting",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-002808",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "xss",
      sources: [
         {
            db: "PACKETSTORM",
            id: "60752",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200711-116",
         },
      ],
      trust: 0.7,
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5581 (GCVE-0-2007-5581)

Vulnerability from cvelistv5

fkie_cve-2007-5581

Vulnerability from fkie_nvd

ghsa-36mh-7278-8282

Vulnerability from github

gsd-2007-5581

Vulnerability from gsd

var-200711-0277

Vulnerability from variot

Tags

Sightings

Nomenclature