Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2011-09-23T10:00:00
Updated: 2024-08-06T23:08:22.972Z
Reserved: 2011-06-27T00:00:00
Link: CVE-2011-2544
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-09-23T10:55:02.800
Modified: 2018-10-09T19:32:43.667
Link: CVE-2011-2544
Redhat
No data.