Vulnerabilities > Cisco > Telepresence MXP Software > f9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-23 | CVE-2011-2544 | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. | 3.5 |
| 2011-08-31 | CVE-2011-2577 | Remote Denial of Service vulnerability in Cisco TelePresence Codecs SIP Packet Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. | 7.8 |