Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco TelePresence Endpoint HTML注入漏洞
Vulnerability Description
Cisco TelePresence是美国思科(Cisco)公司的一套被称为“网真”系统的视频会议解决方案。该方案提供音频、视频空间等组件,可为远程参会者提供一个“面对面”的虚拟会议室效果。Cisco TelePresence Endpoint是其中的终端服务。 由于H.323 ID或SIP Display Name字段的灵活性以及无法正确验证用户输入,Cisco TelePresence Endpoint在实现上存在HTML注入漏洞,远程攻击者可利用HTML注入漏洞在受影响浏览器中执行任意脚本代码,窃取
CVSS Information
N/A
Vulnerability Type
N/A