Sign-up

ID

VAR-201506-0154


CVE

CVE-2015-0762


TITLE

Microsoft Outlook for Cisco Unified MeetingPlace Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002941

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuu51400

Trust: 1.98

sources: NVD: CVE-2015-0762 // JVNDB: JVNDB-2015-002941 // BID: 74953 // VULHUB: VHN-78708

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.9\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.2\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.9)

Trust: 1.1

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.2)

Trust: 1.1

sources: BID: 74953 // JVNDB: JVNDB-2015-002941 // CNNVD: CNNVD-201506-051 // NVD: CVE-2015-0762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0762
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0762
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-051
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78708
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0762
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78708
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78708 // JVNDB: JVNDB-2015-002941 // CNNVD: CNNVD-201506-051 // NVD: CVE-2015-0762

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78708 // JVNDB: JVNDB-2015-002941 // NVD: CVE-2015-0762

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-051

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-051

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002941

PATCH
title:39161url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39161
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002941

EXTERNAL IDS
db:NVDid:CVE-2015-0762
Trust: 2.8
db:SECTRACKid:1032470
Trust: 1.1
db:JVNDBid:JVNDB-2015-002941
Trust: 0.8
db:CNNVDid:CNNVD-201506-051
Trust: 0.7
db:BIDid:74953
Trust: 0.4
db:VULHUBid:VHN-78708
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78708 // 
            
            
            
            BID: 74953 // 
            
            
            
            JVNDB: JVNDB-2015-002941 // 
            
            
            
            CNNVD: CNNVD-201506-051 // 
            
            
            
            NVD: CVE-2015-0762

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39161
Trust: 2.0
url:http://www.securitytracker.com/id/1032470
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0762
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0762
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78708 // 
            
            
            
            BID: 74953 // 
            
            
            
            JVNDB: JVNDB-2015-002941 // 
            
            
            
            CNNVD: CNNVD-201506-051 // 
            
            
            
            NVD: CVE-2015-0762

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74953

SOURCES
db:VULHUBid:VHN-78708
db:BIDid:74953
db:JVNDBid:JVNDB-2015-002941
db:CNNVDid:CNNVD-201506-051
db:NVDid:CVE-2015-0762

LAST UPDATE DATE
2024-11-23T21:44:09.693000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78708date:2017-01-04T00:00:00
db:BIDid:74953date:2015-06-02T00:00:00
db:JVNDBid:JVNDB-2015-002941date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-051date:2015-06-10T00:00:00
db:NVDid:CVE-2015-0762date:2024-11-21T02:23:40.297

SOURCES RELEASE DATE
db:VULHUBid:VHN-78708date:2015-06-04T00:00:00
db:BIDid:74953date:2015-06-02T00:00:00
db:JVNDBid:JVNDB-2015-002941date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-051date:2015-06-05T00:00:00
db:NVDid:CVE-2015-0762date:2015-06-04T10:59:02.707