Main Vulnerability Database SB2016071109

SB2016071109 - Cross-site scripting in Polycom HDX 7000 Series

Published: July 11, 2016 Updated: July 12, 2020

Security Bulletin ID SB2016071109

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting in Polycom HDX 7000 Series (CVE-ID: N/A)

The vulnerability allows a remote attacker to conduct cross-site scripting attacks.

The vulnerability exists due to improper filtering HTML code from user-supplied input. A remote unauthenticated attacker can cause arbitrary scripting code execution by the target user's browser. The code will be able to access the target user's cookies, associated with the site, access data recently submitted by the target user or take actions on the site acting as the target user.

Successful exploitation of this vulnerability may result in arbitrary scripting code execution.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://blogs.securiteam.com/index.php/archives/2704