BUGTRAQ ID: 33915 Cisco Unified MeetingPlace是思科的网络会议解决方案。 Unified MeetingPlace允许用户修改自己的帐号设置,如名称、电话分机、邮件地址等。如果用户在配置文件页面设置了特制的E-mail Address字段的话,则其他用户在查看该用户的配置文件或该用户所创建会议的详细信息时就会导致跨站脚本攻击,在浏览器会话中执行所嵌入的恶意代码。 Cisco Unified MeetingPlace 7.0 Cisco Unified MeetingPlace 6.0 厂商补丁: Cisco ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240 target=_blank rel=external nofollow>http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240</a> <a href=http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&mdfLevel=Software%20Version/Option&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20MeetingPlace%20Web%20Conferencing&treeMdfId=278875240 target=_blank rel=external...
BUGTRAQ ID: 33915 Cisco Unified MeetingPlace是思科的网络会议解决方案。 Unified MeetingPlace允许用户修改自己的帐号设置,如名称、电话分机、邮件地址等。如果用户在配置文件页面设置了特制的E-mail Address字段的话,则其他用户在查看该用户的配置文件或该用户所创建会议的详细信息时就会导致跨站脚本攻击,在浏览器会话中执行所嵌入的恶意代码。 Cisco Unified MeetingPlace 7.0 Cisco Unified MeetingPlace 6.0 厂商补丁: Cisco ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240 target=_blank rel=external nofollow>http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240</a> <a href=http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&mdfLevel=Software%20Version/Option&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20MeetingPlace%20Web%20Conferencing&treeMdfId=278875240 target=_blank rel=external nofollow>http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&mdfLevel=Software%20Version/Option&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20MeetingPlace%20Web%20Conferencing&treeMdfId=278875240</a>
