CVE-2011-3294

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Servers (VCS) versions prior to X7.0

Description A cross-site scripting (XSS) issue exists in the login page of the administrative interface, allowing remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Recommendations For versions prior to X7.0, update to version X7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative interface to minimize the risk of exploitation. Avoid using the vulnerable login page until the issue is resolved.