CVE-2007-1467

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

Published: 2007-03-16 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2007-1467 is rated Low Risk (37/100): CVSS Low severity, with medium exploitation likelihood (EPSS 1.19%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-1467

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.56% 1.19% +0.63%
2 2025-05-31 0.46% 0.56% +0.10%
3 2025-03-30 0.46%

Full EPSS history (14 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-1467

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
3.5 2.0 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
6.8 2.9 [email protected]

Weakness enumeration for CVE-2007-1467

Affected software / configurations for CVE-2007-1467

Vendor Product Version Raw CPE
cisco acs_solution_engine 4.1 cpe:2.3:a:cisco:acs_solution_engine:4.1:*:*:*:*:*:*:*
cisco acs_solution_engine 4.1 cpe:2.3:a:cisco:acs_solution_engine:4.1:*:windows:*:*:*:*:*
cisco ciscoworks cpe:2.3:a:cisco:ciscoworks:*:*:*:*:*:*:*:*
cisco ip_communicator cpe:2.3:a:cisco:ip_communicator:*:*:*:*:*:*:*:*
cisco meetingplace cpe:2.3:a:cisco:meetingplace:*:*:*:*:*:*:*:*
cisco security_device_manager cpe:2.3:a:cisco:security_device_manager:*:*:*:*:*:*:*:*
cisco unified_meetingplace cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*
cisco unified_meetingplace_express cpe:2.3:a:cisco:unified_meetingplace_express:*:*:*:*:*:*:*:*
cisco unified_personal_communicator cpe:2.3:a:cisco:unified_personal_communicator:*:*:*:*:*:*:*:*
cisco unified_video_advantage cpe:2.3:a:cisco:unified_video_advantage:*:*:*:*:*:*:*:*
cisco unified_videoconferencing cpe:2.3:a:cisco:unified_videoconferencing:*:*:*:*:*:*:*:*
cisco unified_videoconferencing_manager cpe:2.3:a:cisco:unified_videoconferencing_manager:*:*:*:*:*:*:*:*
cisco vpn_client 3.5.1 cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*
cisco vpn_client 3.5.1 cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*
cisco vpn_client 3.5.2 cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*
cisco vpn_client 3.5.2 cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*
cisco vpn_client 3.5.2 cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*
cisco vpn_client 3.5.2b cpe:2.3:a:cisco:vpn_client:3.5.2b:*:linux:*:*:*:*:*
cisco vpn_client 3.5.2b cpe:2.3:a:cisco:vpn_client:3.5.2b:*:mac_os_x:*:*:*:*:*
cisco vpn_client 3.5.2b cpe:2.3:a:cisco:vpn_client:3.5.2b:*:solaris:*:*:*:*:*
cisco vpn_client 3.5.4 cpe:2.3:a:cisco:vpn_client:3.5.4:*:linux:*:*:*:*:*
cisco vpn_client 3.5.4 cpe:2.3:a:cisco:vpn_client:3.5.4:*:mac_os_x:*:*:*:*:*
cisco vpn_client 3.5.4 cpe:2.3:a:cisco:vpn_client:3.5.4:*:solaris:*:*:*:*:*
cisco vpn_client 3.6 cpe:2.3:a:cisco:vpn_client:3.6:*:linux:*:*:*:*:*
cisco vpn_client 3.6 cpe:2.3:a:cisco:vpn_client:3.6:*:mac_os_x:*:*:*:*:*
cisco vpn_client 3.6 cpe:2.3:a:cisco:vpn_client:3.6:*:solaris:*:*:*:*:*
cisco vpn_client 3.6.1 cpe:2.3:a:cisco:vpn_client:3.6.1:*:linux:*:*:*:*:*
cisco vpn_client 3.6.1 cpe:2.3:a:cisco:vpn_client:3.6.1:*:mac_os_x:*:*:*:*:*
cisco vpn_client 3.6.1 cpe:2.3:a:cisco:vpn_client:3.6.1:*:solaris:*:*:*:*:*
cisco vpn_client 4.0.2a cpe:2.3:a:cisco:vpn_client:4.0.2a:*:mac_os_x:*:*:*:*:*
cisco vpn_client 4.0.2a cpe:2.3:a:cisco:vpn_client:4.0.2a:*:solaris:*:*:*:*:*
cisco vpn_client 4.0.2c cpe:2.3:a:cisco:vpn_client:4.0.2c:*:mac_os_x:*:*:*:*:*
cisco vpn_client 4.0.2c cpe:2.3:a:cisco:vpn_client:4.0.2c:*:solaris:*:*:*:*:*
cisco vpn_client 4.8.1 cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*
cisco wan_manager cpe:2.3:a:cisco:wan_manager:*:*:*:*:*:*:*:*
cisco wireless_lan_controllers cpe:2.3:a:cisco:wireless_lan_controllers:*:*:*:*:*:*:*:*
cisco wireless_lan_solution_engine cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*
cisco call_manager cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*
cisco network_analysis_module cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*
cisco wireless_control_system 4.0 cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*

References for CVE-2007-1467

cvelogic Threat Intelligence