ID

VAR-201505-0100


CVE

CVE-2015-0634


TITLE

Cisco WebEx Meetings Server Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002704

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq86310. Cisco WebEx Meetings Server (CWMS) is a set of multi-function conferencing solutions in Cisco's WebEx line, covering audio, video and web conferencing.

Trust: 2.07

sources: NVD: CVE-2015-0634 // JVNDB: JVNDB-2015-002704 // BID: 74647 // VULHUB: VHN-78580 // VULMON: CVE-2015-0634

AFFECTED PRODUCTS

vendor: cisco | model: webex meetings server | scope: eq | version: 2.5.0.997

Trust: 2.7

vendor: cisco | model: webex meetings server | scope: eq | version: 2.5

Trust: 2.7

sources: BID: 74647 // JVNDB: JVNDB-2015-002704 // CNNVD: CNNVD-201505-233 // NVD: CVE-2015-0634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0634
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0634
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-233
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78580
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0634
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0634
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78580
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78580 // VULMON: CVE-2015-0634 // JVNDB: JVNDB-2015-002704 // CNNVD: CNNVD-201505-233 // NVD: CVE-2015-0634

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78580 // JVNDB: JVNDB-2015-002704 // NVD: CVE-2015-0634

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-233

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-233

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002704

PATCH

title: 38811 | url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38811

Trust: 0.8

sources: JVNDB: JVNDB-2015-002704

EXTERNAL IDS

db: NVD | id: CVE-2015-0634

Trust: 2.9

db: BID | id: 74647

Trust: 1.5

db: SECTRACK | id: 1032329

Trust: 1.2

db: JVNDB | id: JVNDB-2015-002704

Trust: 0.8

db: CNNVD | id: CNNVD-201505-233

Trust: 0.7

db: SECUNIA | id: 64472

Trust: 0.6

db: VULHUB | id: VHN-78580

Trust: 0.1

db: VULMON | id: CVE-2015-0634

Trust: 0.1

sources: VULHUB: VHN-78580 // VULMON: CVE-2015-0634 // BID: 74647 // JVNDB: JVNDB-2015-002704 // CNNVD: CNNVD-201505-233 // NVD: CVE-2015-0634

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38811

Trust: 1.8

url:http://www.securityfocus.com/bid/74647

Trust: 1.2

url:http://www.securitytracker.com/id/1032329

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0634

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0634

Trust: 0.8

url:http://secunia.com/advisories/64472

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=37934

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps12732/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-78580 // VULMON: CVE-2015-0634 // BID: 74647 // JVNDB: JVNDB-2015-002704 // CNNVD: CNNVD-201505-233 // NVD: CVE-2015-0634

CREDITS

Cisco

Trust: 0.3

sources: BID: 74647

SOURCES

db: VULHUB | id: VHN-78580
db: VULMON | id: CVE-2015-0634
db: BID | id: 74647
db: JVNDB | id: JVNDB-2015-002704
db: CNNVD | id: CNNVD-201505-233
db: NVD | id: CVE-2015-0634

LAST UPDATE DATE

2024-11-23T22:56:25.677000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-78580 | date: 2017-01-06T00:00:00
db: VULMON | id: CVE-2015-0634 | date: 2017-01-06T00:00:00
db: BID | id: 74647 | date: 2015-05-13T00:00:00
db: JVNDB | id: JVNDB-2015-002704 | date: 2015-05-19T00:00:00
db: CNNVD | id: CNNVD-201505-233 | date: 2015-05-15T00:00:00
db: NVD | id: CVE-2015-0634 | date: 2024-11-21T02:23:26.557

SOURCES RELEASE DATE

db: VULHUB | id: VHN-78580 | date: 2015-05-15T00:00:00
db: VULMON | id: CVE-2015-0634 | date: 2015-05-15T00:00:00
db: BID | id: 74647 | date: 2015-05-13T00:00:00
db: JVNDB | id: JVNDB-2015-002704 | date: 2015-05-19T00:00:00
db: CNNVD | id: CNNVD-201505-233 | date: 2015-05-15T00:00:00
db: NVD | id: CVE-2015-0634 | date: 2015-05-15T01:59:01.957