CVE-2007-1467

low Cisco
CVSS v3 Base Score
3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS Score
0.6%
Exploitation probability in 30 days
Top 31% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: March 16, 2007 (6998 days ago)
Last Modified: April 23, 2026
Vendor: Cisco
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

CWE

NVD-CWE-Other

Affected Products

cisco acs solution enginecisco ciscoworkscisco ip communicatorcisco meetingplacecisco security device managercisco unified meetingplacecisco unified meetingplace expresscisco unified personal communicatorcisco unified video advantagecisco unified videoconferencing

References

🔗 secunia.com 🔗 securityreason.com 🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com