| Vulnerability Name: | CVE-2014-2104 (CCN-91483) | ||||||||
| Assigned: | 2014-02-27 | ||||||||
| Published: | 2014-02-27 | ||||||||
| Updated: | 2015-09-16 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-2104 Source: CCN Type: SA57191 Cisco Unified Communications Domain Manager (CUCDM) Web Framework BVSM Multiple Vulnerabilities Source: CCN Type: Cisco Security Notice Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20140227 Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=33111 Source: BID Type: UNKNOWN 65869 Source: CCN Type: BID-65869 Cisco Unified Communications Domain Manager Multiple Cross Site Scripting Vulnerabilities Source: XF Type: UNKNOWN cisco-ucdm-cve20142104-xss(91483) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||