Lucene search

CiscoCVE-2016-1462

HistoryJul 28, 2016 - 1:59 a.m.

CVE-2016-1462

2016-07-2801:59:42

CWE-79

cisco

web.nvd.nist.gov

cve-2016-1462

cross-site scripting

xss vulnerability

cisco prime service catalog

psc 11.0

bug id cscuz63795

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.7%

JSON

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795.

Affected configurations

Nvd

Node

ciscoprime_service_catalogMatch11.0_base

VendorProductVersionCPE
ciscoprime_service_catalog11.0_basecpe:2.3:a:cisco:prime_service_catalog:11.0_base:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_service_catalog	11.0_base	cpe:2.3:a:cisco:prime_service_catalog:11.0_base:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-psc

www.securityfocus.com/bid/92156

www.securitytracker.com/id/1036472

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.7%

JSON

Related for CVE-2016-1462