| Vulnerability Name: | CVE-2015-0707 (CCN-102512) | ||||||||
| Assigned: | 2015-04-22 | ||||||||
| Published: | 2015-04-22 | ||||||||
| Updated: | 2015-04-23 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-0707 Source: CCN Type: Cisco Vulnerability Alert 38487 Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20150422 Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN cisco-firesight-cve20150707-xss(102512) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||