Skip to main content

Meeting Server CVE-2016-1451

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-07-15 psirt@cisco.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 15, 2016 - 16:59 cve.org
MEDIUM 6.1

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. Affected products include: Cisco Meeting Server. Version information: through 1.9.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-6448 CRITICAL
9.8 Nov 03

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated,

CVE-2016-6447 CRITICAL
9.8 Nov 03

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbit

CVE-2017-12249 CRITICAL
9.1 Sep 13

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an a

CVE-2016-6445 CRITICAL
9.1 Oct 27

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) befor

CVE-2016-6444 HIGH
8.8 Oct 27

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request

CVE-2018-0439 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote att

CVE-2017-3837 HIGH
8.1 Feb 22

An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Co

CVE-2018-0262 HIGH
8.1 May 02

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to c

CVE-2017-6763 HIGH
7.5 Aug 07

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthent

CVE-2017-3830 HIGH
7.5 Feb 22

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to

CVE-2016-6446 HIGH
7.5 Oct 27

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memor

CVE-2021-40122 HIGH
7.5 Oct 21

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote atta

Share

CVE-2016-1451 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy