CVE-2007-1467

CWE-79 — Cross-site Scripting (XSS)6 documents6 sources

Severity

3.5LOW

EPSS

0.6%

top 31.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ACS Solution Engine Cisco VPN Client Cisco Wireless Control System

Timeline

PublishedMar 16

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN So…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶NVDcisco/wireless_control_system4.0

▶NVDcisco/acs_solution_engine4.1

▶NVDcisco/vpn_client9 versions+8

🔴Vulnerability Details

GHSA

GHSA-m8gw-9xmq-cmmc: Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch↗2022-05-01

▶

CVEList

CVE-2007-1467: Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch↗2007-03-16

▶

📋Vendor Advisories

Red Hat

Flash plugin DNS rebinding↗2007-10-08

▶

Cisco

Cisco Online Help System Cross-Site Scripting Vulnerability↗2007-03-15

▶

💬Community

Bugzilla

CVE-2007-5275 Flash plugin DNS rebinding↗2007-11-05

▶