| Vulnerability Name: | CVE-2014-3363 (CCN-95882) | ||||||||
| Assigned: | 2014-09-10 | ||||||||
| Published: | 2014-09-10 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3363 Source: SECUNIA Type: UNKNOWN 59105 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Cross-Site Redirection Vulnerability Source: CISCO Type: Vendor Advisory 20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=35672 Source: BID Type: UNKNOWN 69739 Source: CCN Type: BID-69739 Cisco Unified Communications Manager Web Framework Cross Site Scripting Vulnerability Source: SECTRACK Type: UNKNOWN 1030836 Source: XF Type: UNKNOWN cisco-ucm-cve20143363-xss(95882) Source: XF Type: UNKNOWN cisco-ucm-cve20143363-xss(95882) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||