Sign-up

ID

VAR-201504-0282


CVE

CVE-2015-0703


TITLE

Cisco Unified MeetingPlace Management Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002414

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCus95857. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2015-0703 // JVNDB: JVNDB-2015-002414 // BID: 74256 // VULHUB: VHN-78649

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.9\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.9)

Trust: 1.1

sources: BID: 74256 // JVNDB: JVNDB-2015-002414 // CNNVD: CNNVD-201504-406 // NVD: CVE-2015-0703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0703
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0703
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-406
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78649
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0703
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78649
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78649 // JVNDB: JVNDB-2015-002414 // CNNVD: CNNVD-201504-406 // NVD: CVE-2015-0703

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78649 // JVNDB: JVNDB-2015-002414 // NVD: CVE-2015-0703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-406

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201504-406

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002414

PATCH
title:38459url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38459
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002414

EXTERNAL IDS
db:NVDid:CVE-2015-0703
Trust: 2.8
db:SECTRACKid:1032164
Trust: 1.1
db:JVNDBid:JVNDB-2015-002414
Trust: 0.8
db:CNNVDid:CNNVD-201504-406
Trust: 0.7
db:BIDid:74256
Trust: 0.4
db:VULHUBid:VHN-78649
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78649 // 
            
            
            
            BID: 74256 // 
            
            
            
            JVNDB: JVNDB-2015-002414 // 
            
            
            
            CNNVD: CNNVD-201504-406 // 
            
            
            
            NVD: CVE-2015-0703

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38459
Trust: 2.0
url:http://www.securitytracker.com/id/1032164
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0703
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0703
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78649 // 
            
            
            
            BID: 74256 // 
            
            
            
            JVNDB: JVNDB-2015-002414 // 
            
            
            
            CNNVD: CNNVD-201504-406 // 
            
            
            
            NVD: CVE-2015-0703

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74256

SOURCES
db:VULHUBid:VHN-78649
db:BIDid:74256
db:JVNDBid:JVNDB-2015-002414
db:CNNVDid:CNNVD-201504-406
db:NVDid:CVE-2015-0703

LAST UPDATE DATE
2024-11-23T22:01:50.503000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78649date:2017-01-06T00:00:00
db:BIDid:74256date:2015-04-20T00:00:00
db:JVNDBid:JVNDB-2015-002414date:2015-04-22T00:00:00
db:CNNVDid:CNNVD-201504-406date:2015-04-21T00:00:00
db:NVDid:CVE-2015-0703date:2024-11-21T02:23:34.077

SOURCES RELEASE DATE
db:VULHUBid:VHN-78649date:2015-04-21T00:00:00
db:BIDid:74256date:2015-04-20T00:00:00
db:JVNDBid:JVNDB-2015-002414date:2015-04-22T00:00:00
db:CNNVDid:CNNVD-201504-406date:2015-04-21T00:00:00
db:NVDid:CVE-2015-0703date:2015-04-21T02:59:03.887