Cisco Bug: CSCtd69750 - Input validation insufficient for meeting template values
Feb 02, 2017
- Cisco Unified MeetingPlace
- Cisco Security Agent for Cisco Unified MeetingPlace
- Cisco Unified MeetingPlace Web Conferencing
Known Affected Releases
Symptom: Changes in the meeting template (TPL) values may be reflected back to the user on an error page. Conditions: Changes to the TPL values will not occur under normal circumstances, They may be changed as part of a security audit, test tools, or cross site scripting XSS attack. The return of the values may cause certian test tools to flag Meetingplace pages as vulnerable to XSS attacks. It is unlikely modern broswers would actually execute any scripts.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases