Lucene search

CiscoCVE-2016-1375

HistoryApr 08, 2016 - 3:59 p.m.

CVE-2016-1375

2016-04-0815:59:04

CWE-79

cisco

web.nvd.nist.gov

cve

2016

1375

xss

vulnerability

cisco

ip interoperability

collaboration system

remote attackers

web script

html

url

bug id

cscuy12339

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.5%

JSON

Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339.

Affected configurations

Nvd

Node

ciscoip_interoperability_and_collaboration_systemMatch4.10

VendorProductVersionCPE
ciscoip_interoperability_and_collaboration_system4.10cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ip_interoperability_and_collaboration_system	4.10	cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.5%

JSON

Related for CVE-2016-1375