Lucene search

CiscoCVELIST:CVE-2015-0749

HistoryFeb 19, 2020 - 2:55 a.m.

CVE-2015-0749 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

2020-02-1902:55:13

CWE-79

cisco

www.cve.org

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

51.8%

JSON

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.

CNA Affected

[
  {
    "product": "Cisco Unified Communications Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 11.5(0.98000.108)",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

51.8%

JSON

Related for CVELIST:CVE-2015-0749