FKIE_CVE-2007-1467

Vulnerability from fkie_nvd - Published: 2007-03-16 21:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
References
cve@mitre.orghttp://secunia.com/advisories/24499
cve@mitre.orghttp://securityreason.com/securityalert/2437
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/462932/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/462944/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/22982
cve@mitre.orghttp://www.securitytracker.com/id?1017778
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0973
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/33024
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24499
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2437
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/462932/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/462944/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22982
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017778
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0973
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33024
Impacted products
Vendor Product Version
cisco acs_solution_engine 4.1
cisco acs_solution_engine 4.1
cisco ciscoworks *
cisco ip_communicator *
cisco meetingplace *
cisco security_device_manager *
cisco unified_meetingplace *
cisco unified_meetingplace_express *
cisco unified_personal_communicator *
cisco unified_video_advantage *
cisco unified_videoconferencing *
cisco unified_videoconferencing_manager *
cisco vpn_client 3.5.1
cisco vpn_client 3.5.1
cisco vpn_client 3.5.2
cisco vpn_client 3.5.2
cisco vpn_client 3.5.2
cisco vpn_client 3.5.2b
cisco vpn_client 3.5.2b
cisco vpn_client 3.5.2b
cisco vpn_client 3.5.4
cisco vpn_client 3.5.4
cisco vpn_client 3.5.4
cisco vpn_client 3.6
cisco vpn_client 3.6
cisco vpn_client 3.6
cisco vpn_client 3.6.1
cisco vpn_client 3.6.1
cisco vpn_client 3.6.1
cisco vpn_client 4.0.2a
cisco vpn_client 4.0.2a
cisco vpn_client 4.0.2c
cisco vpn_client 4.0.2c
cisco vpn_client 4.8.1
cisco wan_manager *
cisco wireless_lan_controllers *
cisco wireless_lan_solution_engine *
cisco call_manager *
cisco network_analysis_module *
cisco wireless_control_system 4.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:acs_solution_engine:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2053FEE9-7DE5-4C5E-B2C1-5652301DBFFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:acs_solution_engine:4.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3436B987-134F-47FD-94A9-B22E1D6E1F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A687E771-9653-4FB6-888C-C6D7874E8F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_communicator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2590B4-F61E-4ED9-B4B2-45227CDF8E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meetingplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41EEA208-7F2E-4E01-8C8C-29009161E6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_device_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42E7C476-E8CE-4CD4-9ED2-926B4BA6EDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "713CDBB9-F841-455A-B173-7B239DF087D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8932A12B-BDAD-4078-92C3-720CE4E204CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_personal_communicator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC0A911-917D-426B-84D3-05BEAEE9C81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_video_advantage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1BDD7B4-CD06-44D9-855B-30FFE673014E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_videoconferencing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50D62D1-83D3-4347-A979-503294EC4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_videoconferencing_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19065178-BD77-4ED5-AE31-9904E348B2C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
              "matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B2F5C5E1-59A5-4402-BF6A-DDD05F8F07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "269EE54C-B6C7-4F3E-B4ED-12CF9F277569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "12A573DB-1D58-4A78-85C6-B2A3B09F34B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:linux:*:*:*:*:*",
              "matchCriteriaId": "DEB505B7-54A0-4A53-81FC-9E6635A50BB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "1728BA7D-0124-4E7B-9D0A-549DB87F3732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "DD1D17D3-F56E-47FC-90F9-54AC4446CB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:linux:*:*:*:*:*",
              "matchCriteriaId": "9A9F7CE9-771E-4F0C-B4DD-B9517F70BBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "0C7B2037-406B-4A18-9B5D-D3F206C58AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "08A9E927-1092-4F6A-A099-DB80EA060F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "872A3F31-1008-416A-9881-803E7DF11B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "50FB297D-5289-46D1-82C2-E83C3020895C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "D88E0D0C-03EF-4528-93C9-97B39342CA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2a:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "4C111372-50F2-4F3E-8DFE-1EB5509B489C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2a:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "B19317CB-C159-4BEF-B8F8-A919E8DF6783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2c:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "B7C7C00F-72E3-41E1-A763-0209AF639053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2c:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "B205CD80-4469-4DA9-B0E1-73C2B83E33D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "8FD6C3C5-A7D3-4208-A23C-BA7D5626FB92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFD455A-7E41-4C95-A1E9-1A4867DA4F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_controllers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88AB3CC-4F0E-4A82-B4F0-13EDA4948BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDEE04C-0231-42F7-9736-EB3B7A020E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD82BCCE-F68A-48A5-B484-98D9C3024E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF3680D-50CB-4854-84B8-34129DDB2A2A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de campos de texto de un formulario de b\u00fasqueda."
    }
  ],
  "id": "CVE-2007-1467",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24499"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22982"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017778"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0973"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.