Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Acs Solution Engine | 4.1 |
| Cisco | Ciscoworks | All versions |
| Cisco | Ip Communicator | All versions |
| Cisco | Meetingplace | All versions |
| Cisco | Security Device Manager | All versions |
| Cisco | Unified Meetingplace | All versions |
| Cisco | Unified Meetingplace Express | All versions |
| Cisco | Unified Personal Communicator | All versions |
| Cisco | Unified Video Advantage | All versions |
| Cisco | Unified Videoconferencing | All versions |
| Cisco | Unified Videoconferencing Manager | All versions |
| Cisco | Vpn Client | 3.5.1 |
| Cisco | Wan Manager | All versions |
| Cisco | Wireless Lan Controllers | All versions |
| Cisco | Wireless Lan Solution Engine | All versions |
| Cisco | Call Manager | All versions |
| Cisco | Network Analysis Module | All versions |
| Cisco | Wireless Control System | 4.0 |
References
- http://secunia.com/advisories/24499
- http://securityreason.com/securityalert/2437
- http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.hVendor Advisory
- http://www.securityfocus.com/archive/1/462932/100/0/threaded
- http://www.securityfocus.com/archive/1/462944/100/0/threaded
- http://www.securityfocus.com/bid/22982
- http://www.securitytracker.com/id?1017778
- http://www.vupen.com/english/advisories/2007/0973
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33024
- http://secunia.com/advisories/24499
- http://securityreason.com/securityalert/2437
- http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.hVendor Advisory
- http://www.securityfocus.com/archive/1/462932/100/0/threaded
- http://www.securityfocus.com/archive/1/462944/100/0/threaded
- http://www.securityfocus.com/bid/22982
FAQ
What is CVE-2007-1467?
CVE-2007-1467 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, ...
How severe is CVE-2007-1467?
CVE-2007-1467 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1467?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Acs Solution Engine, Cisco Ciscoworks, Cisco Ip Communicator, Cisco Meetingplace, Cisco Security Device Manager.