Sign-up

ID

VAR-201506-0298


CVE

CVE-2015-4210


TITLE

Cisco WebEx Meeting Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-003251

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCur03806. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2015-4210 // JVNDB: JVNDB-2015-003251 // BID: 75348 // VULHUB: VHN-82171

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 75348 // JVNDB: JVNDB-2015-003251 // CNNVD: CNNVD-201506-408 // NVD: CVE-2015-4210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4210
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4210
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-408
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82171
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4210
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82171
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82171 // JVNDB: JVNDB-2015-003251 // CNNVD: CNNVD-201506-408 // NVD: CVE-2015-4210

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-82171 // JVNDB: JVNDB-2015-003251 // NVD: CVE-2015-4210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-408

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-408

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003251

PATCH
title:39460url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39460
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003251

EXTERNAL IDS
db:NVDid:CVE-2015-4210
Trust: 2.8
db:BIDid:75348
Trust: 1.4
db:SECTRACKid:1032705
Trust: 1.1
db:JVNDBid:JVNDB-2015-003251
Trust: 0.8
db:CNNVDid:CNNVD-201506-408
Trust: 0.7
db:VULHUBid:VHN-82171
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82171 // 
            
            
            
            BID: 75348 // 
            
            
            
            JVNDB: JVNDB-2015-003251 // 
            
            
            
            CNNVD: CNNVD-201506-408 // 
            
            
            
            NVD: CVE-2015-4210

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39460
Trust: 2.0
url:http://www.securityfocus.com/bid/75348
Trust: 1.1
url:http://www.securitytracker.com/id/1032705
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4210
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4210
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.webex.com/products/enterprise_meetings.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82171 // 
            
            
            
            BID: 75348 // 
            
            
            
            JVNDB: JVNDB-2015-003251 // 
            
            
            
            CNNVD: CNNVD-201506-408 // 
            
            
            
            NVD: CVE-2015-4210

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75348

SOURCES
db:VULHUBid:VHN-82171
db:BIDid:75348
db:JVNDBid:JVNDB-2015-003251
db:CNNVDid:CNNVD-201506-408
db:NVDid:CVE-2015-4210

LAST UPDATE DATE
2024-11-23T22:01:44.905000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82171date:2016-12-28T00:00:00
db:BIDid:75348date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003251date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-408date:2015-06-24T00:00:00
db:NVDid:CVE-2015-4210date:2024-11-21T02:30:38.423

SOURCES RELEASE DATE
db:VULHUBid:VHN-82171date:2015-06-23T00:00:00
db:BIDid:75348date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003251date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-408date:2015-06-24T00:00:00
db:NVDid:CVE-2015-4210date:2015-06-23T14:59:05.337