Guest

Preview Tool

Cisco Bug: CSCte90684 - XSS in CUVC Management Server

Last Modified

Feb 04, 2017

Products (1)

  • Cisco Unified Videoconferencing 3500 Series Products

Known Affected Releases

5.7(0.5.6)

Description (partial)

Symptom:

Reflective Cross-site scripting error and SQL injection vulnerability found by stratsec in the Cisco Unified 
Video Conferencing management Server.


Conditions:


Product Version: 
 5.7.0.5.6 
Some components of the web application may allow users to supply SQL 
statements or scripts within input parameters.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.