Sign-up

ID

VAR-201501-0331


CVE

CVE-2014-8030


TITLE

Cisco WebEx Meetings Server of sendPwMail.do Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-007558

DESCRIPTION

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuj40381. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2014-8030 // JVNDB: JVNDB-2014-007558 // BID: 71945 // VULHUB: VHN-75975

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-007558 // CNNVD: CNNVD-201501-166 // NVD: CVE-2014-8030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8030
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8030
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-166
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75975
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8030
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75975
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75975 // JVNDB: JVNDB-2014-007558 // CNNVD: CNNVD-201501-166 // NVD: CVE-2014-8030

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-75975 // JVNDB: JVNDB-2014-007558 // NVD: CVE-2014-8030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-166

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201501-166

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007558

PATCH
title:Cisco WebEx Meetings Server Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007558

EXTERNAL IDS
db:NVDid:CVE-2014-8030
Trust: 2.8
db:BIDid:71945
Trust: 1.4
db:SECUNIAid:62163
Trust: 1.1
db:SECTRACKid:1031517
Trust: 1.1
db:JVNDBid:JVNDB-2014-007558
Trust: 0.8
db:CNNVDid:CNNVD-201501-166
Trust: 0.7
db:VULHUBid:VHN-75975
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75975 // 
            
            
            
            BID: 71945 // 
            
            
            
            JVNDB: JVNDB-2014-007558 // 
            
            
            
            CNNVD: CNNVD-201501-166 // 
            
            
            
            NVD: CVE-2014-8030

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8030
Trust: 1.7
url:http://www.securityfocus.com/bid/71945
Trust: 1.1
url:http://www.securitytracker.com/id/1031517
Trust: 1.1
url:http://secunia.com/advisories/62163
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100574
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8030
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8030
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75975 // 
            
            
            
            BID: 71945 // 
            
            
            
            JVNDB: JVNDB-2014-007558 // 
            
            
            
            CNNVD: CNNVD-201501-166 // 
            
            
            
            NVD: CVE-2014-8030

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71945

SOURCES
db:VULHUBid:VHN-75975
db:BIDid:71945
db:JVNDBid:JVNDB-2014-007558
db:CNNVDid:CNNVD-201501-166
db:NVDid:CVE-2014-8030

LAST UPDATE DATE
2024-11-23T21:44:39.444000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75975date:2017-09-08T00:00:00
db:BIDid:71945date:2015-01-21T00:01:00
db:JVNDBid:JVNDB-2014-007558date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-166date:2015-01-09T00:00:00
db:NVDid:CVE-2014-8030date:2024-11-21T02:18:27.573

SOURCES RELEASE DATE
db:VULHUBid:VHN-75975date:2015-01-09T00:00:00
db:BIDid:71945date:2015-01-08T00:00:00
db:JVNDBid:JVNDB-2014-007558date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-166date:2015-01-09T00:00:00
db:NVDid:CVE-2014-8030date:2015-01-09T02:59:06.023