Summary
Cisco Collaboration Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user- supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Cisco Collaboration Server 5 is vulnerable
other versions may be
affected as well.
NOTE: The vendor has discontinued this product.
References
Severity
Classification
-
CVE CVE-2010-0641 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability