SB2016071109 - Cross-site scripting in Polycom HDX 7000 Series
Published: July 11, 2016 Updated: July 12, 2020
Security Bulletin ID
SB2016071109
CSH Severity
High
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Cross-site scripting in Polycom HDX 7000 Series (CVE-ID: N/A)
CWE-ID: CWE-696 - Incorrect Behavior Order
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to conduct cross-site scripting attacks.
The vulnerability exists due to improper filtering HTML code from user-supplied input. A remote unauthenticated attacker can cause arbitrary scripting code execution by the target user's browser. The code will be able to access the target user's cookies, associated with the site, access data recently submitted by the target user or take actions on the site acting as the target user.
Successful exploitation of this vulnerability may result in arbitrary scripting code execution.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.