CVE-2007-1467 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Vpn Client Unified Meetingplace Express Wireless Lan Controllers Wan Manager Meetingplace Ip Communicator Unified Video Advantage Wireless Control System Unified Personal Communicator Unified Videoconferencing Network Analysis Module Acs Solution Engine Wireless Lan Solution Engine Call Manager Unified Meetingplace Unified Videoconferencing Manager Ciscoworks Security Device Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:acs_solution_engine:4.1:::::::*
	cpe:2.3:a:cisco:acs_solution_engine:4.1::windows:::::
	cpe:2.3:a:cisco:ciscoworks::::::::
	cpe:2.3:a:cisco:ip_communicator::::::::
	cpe:2.3:a:cisco:meetingplace::::::::
	cpe:2.3:a:cisco:security_device_manager::::::::
	cpe:2.3:a:cisco:unified_meetingplace::::::::
	cpe:2.3:a:cisco:unified_meetingplace_express::::::::
	cpe:2.3:a:cisco:unified_personal_communicator::::::::
	cpe:2.3:a:cisco:unified_video_advantage::::::::
	cpe:2.3:a:cisco:unified_videoconferencing::::::::
	cpe:2.3:a:cisco:unified_videoconferencing_manager::::::::
	cpe:2.3:a:cisco:vpn_client:3.5.1::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.1::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2b::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2b::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2b::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.5.4::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.5.4::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.5.4::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.6::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.6::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.6::solaris:::::
	cpe:2.3:a:cisco:vpn_client:3.6.1::linux:::::
	cpe:2.3:a:cisco:vpn_client:3.6.1::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:3.6.1::solaris:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2a::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2a::solaris:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2c::mac_os_x:::::
	cpe:2.3:a:cisco:vpn_client:4.0.2c::solaris:::::
	cpe:2.3:a:cisco:vpn_client:4.8.1::windows:::::
	cpe:2.3:a:cisco:wan_manager::::::::
	cpe:2.3:a:cisco:wireless_lan_controllers::::::::
	cpe:2.3:a:cisco:wireless_lan_solution_engine::::::::
	cpe:2.3:h:cisco:call_manager::::::::
	cpe:2.3:h:cisco:network_analysis_module::::::::
	cpe:2.3:h:cisco:wireless_control_system:4.0:::::::*

References

Link	Resource
http://secunia.com/advisories/24499
http://securityreason.com/securityalert/2437
http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html	Vendor Advisory
http://www.securityfocus.com/archive/1/462932/100/0/threaded
http://www.securityfocus.com/archive/1/462944/100/0/threaded
http://www.securityfocus.com/bid/22982
http://www.securitytracker.com/id?1017778
http://www.vupen.com/english/advisories/2007/0973
https://exchange.xforce.ibmcloud.com/vulnerabilities/33024