Sign-up

ID

VAR-201407-0388


CVE

CVE-2014-3325


TITLE

Cisco Unified Customer Voice Portal Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-003481

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733. Vendors have confirmed this vulnerability Bug ID CSCuh61711 , CSCuh61720 , CSCuh61723 , CSCuh61726 , CSCuh61727 , CSCuh61731 ,and CSCuh61733 It is released as.Via a crafted parameter by a third party, any Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733

Trust: 1.98

sources: NVD: CVE-2014-3325 // JVNDB: JVNDB-2014-003481 // BID: 68691 // VULHUB: VHN-71265

AFFECTED PRODUCTS

vendor:ciscomodel:unified customer voice portalscope: - version: -

Trust: 1.4

vendor:ciscomodel:unified customer voice portalscope:eqversion:*

Trust: 1.0

sources: JVNDB: JVNDB-2014-003481 // CNNVD: CNNVD-201407-487 // NVD: CVE-2014-3325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3325
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3325
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-487
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71265
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3325
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71265
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71265 // JVNDB: JVNDB-2014-003481 // CNNVD: CNNVD-201407-487 // NVD: CVE-2014-3325

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71265 // JVNDB: JVNDB-2014-003481 // NVD: CVE-2014-3325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-487

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201407-487

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003481

PATCH
title:Cisco Unified Customer Voice Portalurl:http://www.cisco.com/web/JP/product/hs/iptel/ucvp/index.html
Trust: 0.8
title:Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portalurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003481

EXTERNAL IDS
db:NVDid:CVE-2014-3325
Trust: 2.8
db:BIDid:68691
Trust: 1.4
db:SECUNIAid:60546
Trust: 1.1
db:XFid:94662
Trust: 0.8
db:JVNDBid:JVNDB-2014-003481
Trust: 0.8
db:CNNVDid:CNNVD-201407-487
Trust: 0.7
db:VULHUBid:VHN-71265
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71265 // 
            
            
            
            BID: 68691 // 
            
            
            
            JVNDB: JVNDB-2014-003481 // 
            
            
            
            CNNVD: CNNVD-201407-487 // 
            
            
            
            NVD: CVE-2014-3325

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3325
Trust: 1.7
url:http://www.securityfocus.com/bid/68691
Trust: 1.1
url:http://secunia.com/advisories/60546
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3325
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3325
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/94662
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/custcosw/ps1006/index.html
Trust: 0.3
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71265 // 
            
            
            
            BID: 68691 // 
            
            
            
            JVNDB: JVNDB-2014-003481 // 
            
            
            
            CNNVD: CNNVD-201407-487 // 
            
            
            
            NVD: CVE-2014-3325

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68691

SOURCES
db:VULHUBid:VHN-71265
db:BIDid:68691
db:JVNDBid:JVNDB-2014-003481
db:CNNVDid:CNNVD-201407-487
db:NVDid:CVE-2014-3325

LAST UPDATE DATE
2024-11-23T22:46:05.277000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71265date:2017-01-12T00:00:00
db:BIDid:68691date:2014-08-01T01:00:00
db:JVNDBid:JVNDB-2014-003481date:2014-07-22T00:00:00
db:CNNVDid:CNNVD-201407-487date:2014-07-22T00:00:00
db:NVDid:CVE-2014-3325date:2024-11-21T02:07:52.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-71265date:2014-07-19T00:00:00
db:BIDid:68691date:2014-07-17T00:00:00
db:JVNDBid:JVNDB-2014-003481date:2014-07-22T00:00:00
db:CNNVDid:CNNVD-201407-487date:2014-07-22T00:00:00
db:NVDid:CVE-2014-3325date:2014-07-19T19:55:06.450