| Vulnerability Name: | CVE-2014-3372 (CCN-98404) | ||||||||
| Assigned: | 2014-10-30 | ||||||||
| Published: | 2014-10-30 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3372 Source: SECUNIA Type: UNKNOWN 61003 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=36292 Source: BID Type: UNKNOWN 70846 Source: CCN Type: BID-70846 Cisco Unified Communications Manager Reports Interface Multiple Cross Site Scripting Vulnerabilities Source: SECTRACK Type: UNKNOWN 1031159 Source: XF Type: UNKNOWN cisco-ucm-cve20143372-xss(98404) Source: XF Type: UNKNOWN cisco-ucm-cve20143372-xss(98404) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||