Sign-up

ID

VAR-201503-0171


CVE

CVE-2015-0668


TITLE

Cisco WebEx Meetings Server Management portal cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001891

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. Vendors have confirmed this vulnerability Bug ID CSCuq66737 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq66737. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. The administration portal page of CWMS version 2.5 and version 2.5.99.2 has a cross-site scripting vulnerability, which is caused by the program not adequately filtering the input submitted by the user

Trust: 1.98

sources: NVD: CVE-2015-0668 // JVNDB: JVNDB-2015-001891 // BID: 73244 // VULHUB: VHN-78614

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.99.2

Trust: 2.7

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5

Trust: 2.7

sources: BID: 73244 // JVNDB: JVNDB-2015-001891 // CNNVD: CNNVD-201503-407 // NVD: CVE-2015-0668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0668
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0668
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201503-407
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78614
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0668
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78614
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78614 // JVNDB: JVNDB-2015-001891 // CNNVD: CNNVD-201503-407 // NVD: CVE-2015-0668

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78614 // JVNDB: JVNDB-2015-001891 // NVD: CVE-2015-0668

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-407

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201503-407

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001891

PATCH
title:37934url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37934
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001891

EXTERNAL IDS
db:NVDid:CVE-2015-0668
Trust: 2.8
db:SECTRACKid:1031968
Trust: 1.1
db:JVNDBid:JVNDB-2015-001891
Trust: 0.8
db:CNNVDid:CNNVD-201503-407
Trust: 0.7
db:BIDid:73244
Trust: 0.4
db:VULHUBid:VHN-78614
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78614 // 
            
            
            
            BID: 73244 // 
            
            
            
            JVNDB: JVNDB-2015-001891 // 
            
            
            
            CNNVD: CNNVD-201503-407 // 
            
            
            
            NVD: CVE-2015-0668

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37934
Trust: 2.0
url:http://www.securitytracker.com/id/1031968
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0668
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0668
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12732/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78614 // 
            
            
            
            BID: 73244 // 
            
            
            
            JVNDB: JVNDB-2015-001891 // 
            
            
            
            CNNVD: CNNVD-201503-407 // 
            
            
            
            NVD: CVE-2015-0668

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 73244

SOURCES
db:VULHUBid:VHN-78614
db:BIDid:73244
db:JVNDBid:JVNDB-2015-001891
db:CNNVDid:CNNVD-201503-407
db:NVDid:CVE-2015-0668

LAST UPDATE DATE
2024-11-23T22:42:29.921000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78614date:2015-10-01T00:00:00
db:BIDid:73244date:2015-03-19T00:00:00
db:JVNDBid:JVNDB-2015-001891date:2015-03-23T00:00:00
db:CNNVDid:CNNVD-201503-407date:2015-03-23T00:00:00
db:NVDid:CVE-2015-0668date:2024-11-21T02:23:30.253

SOURCES RELEASE DATE
db:VULHUBid:VHN-78614date:2015-03-20T00:00:00
db:BIDid:73244date:2015-03-19T00:00:00
db:JVNDBid:JVNDB-2015-001891date:2015-03-23T00:00:00
db:CNNVDid:CNNVD-201503-407date:2015-03-23T00:00:00
db:NVDid:CVE-2015-0668date:2015-03-20T01:59:00.063