| Vulnerability Name: | CVE-2014-3373 (CCN-98406) | ||||||||
| Assigned: | 2014-10-30 | ||||||||
| Published: | 2014-10-30 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3373 Source: SECUNIA Type: UNKNOWN 59692 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=36294 Source: BID Type: UNKNOWN 70848 Source: CCN Type: BID-70848 Cisco Unified Communications Manager CVE-2014-3373 Multiple Cross Site Scripting Vulnerabilities Source: SECTRACK Type: UNKNOWN 1031161 Source: XF Type: UNKNOWN cisco-ucm-cve20143373-xss(98406) Source: XF Type: UNKNOWN cisco-ucm-cve20143373-xss(98406) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||