Lucene search

CiscoCVE-2015-0714

HistoryMay 02, 2015 - 2:59 p.m.

CVE-2015-0714

2015-05-0214:59:00

CWE-79

cisco

web.nvd.nist.gov

cisco

finesse server

xss

cross-site scripting

vulnerability

security

cve-2015-0714

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

Affected configurations

Nvd

Node

ciscofinesseMatch10.0\(1\)_base

ciscofinesseMatch10.5\(1\)_base

ciscofinesseMatch10.6\(1\)_base

ciscofinesseMatch11.0\(1\)_base

VendorProductVersionCPE
ciscofinesse10.0(1)_basecpe:2.3:a:cisco:finesse:10.0\(1\)_base:*:*:*:*:*:*:*
ciscofinesse10.5(1)_basecpe:2.3:a:cisco:finesse:10.5\(1\)_base:*:*:*:*:*:*:*
ciscofinesse10.6(1)_basecpe:2.3:a:cisco:finesse:10.6\(1\)_base:*:*:*:*:*:*:*
ciscofinesse11.0(1)_basecpe:2.3:a:cisco:finesse:11.0\(1\)_base:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	finesse	10.0(1)_base	cpe:2.3:a:cisco:finesse:10.0\(1\)_base:::::::*
cisco	finesse	10.5(1)_base	cpe:2.3:a:cisco:finesse:10.5\(1\)_base:::::::*
cisco	finesse	10.6(1)_base	cpe:2.3:a:cisco:finesse:10.6\(1\)_base:::::::*
cisco	finesse	11.0(1)_base	cpe:2.3:a:cisco:finesse:11.0\(1\)_base:::::::*

References

tools.cisco.com/security/center/viewAlert.x?alertId=38607

www.securitytracker.com/id/1032222

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Related for CVE-2015-0714