cvelistv5 - cve-2014-3325

CVE-2014-3325 (GCVE-0-2014-3325)

Vulnerability from cvelistv5

Published

2014-07-19 19:00

Modified

2024-08-06 10:43

Severity ?

CWE

Summary

References

URL

Tags

psirt@cisco.com	http://secunia.com/advisories/60546
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/68691	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60546
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68691	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68691",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68691"
          },
          {
            "name": "60546",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60546"
          },
          {
            "name": "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "68691",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68691"
        },
        {
          "name": "60546",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60546"
        },
        {
          "name": "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68691",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68691"
            },
            {
              "name": "60546",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60546"
            },
            {
              "name": "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3325",
    "datePublished": "2014-07-19T19:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3325\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-07-19T19:55:06.450\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en Cisco Unified Customer Voice Portal (CVP) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro manipulado, tambi\u00e9n conocido como Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731 y CSCuh61733.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70BC640C-BA51-4911-9537-C13F71C206BE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/60546\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68691\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/60546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

var-201407-0388

Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733. Vendors have confirmed this vulnerability Bug ID CSCuh61711 , CSCuh61720 , CSCuh61723 , CSCuh61726 , CSCuh61727 , CSCuh61731 ,and CSCuh61733 It is released as.Via a crafted parameter by a third party, any Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified customer voice portal",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_customer_voice_portal",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "68691"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3325",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3325",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-71265",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3325",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-3325",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-487",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71265",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733. Vendors have confirmed this vulnerability Bug ID CSCuh61711 , CSCuh61720 , CSCuh61723 , CSCuh61726 , CSCuh61727 , CSCuh61731 ,and CSCuh61733 It is released as.Via a crafted parameter by a third party, any Web Script or HTML May be inserted. \nAn attacker may leverage these issues to execute arbitrary script code  in the browser of an unsuspecting user in the context of the affected  site. This can allow the attacker to steal cookie-based authentication  credentials and launch other attacks. \nThese issues are being tracked by Cisco Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "BID",
        "id": "68691"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3325",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "68691",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "60546",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "94662",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-71265",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "db": "BID",
        "id": "68691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "id": "VAR-201407-0388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:46:05.277000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Unified Customer Voice Portal",
        "trust": 0.8,
        "url": "http://www.cisco.com/web/JP/product/hs/iptel/ucvp/index.html"
      },
      {
        "title": "Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3325"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/68691"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60546"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3325"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3325"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/94662"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/custcosw/ps1006/index.html"
      },
      {
        "trust": 0.3,
        "url": "www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "db": "BID",
        "id": "68691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "db": "BID",
        "id": "68691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "date": "2014-07-17T00:00:00",
        "db": "BID",
        "id": "68691"
      },
      {
        "date": "2014-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "date": "2014-07-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "date": "2014-07-19T19:55:06.450000",
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71265"
      },
      {
        "date": "2014-08-01T01:00:00",
        "db": "BID",
        "id": "68691"
      },
      {
        "date": "2014-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      },
      {
        "date": "2014-07-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      },
      {
        "date": "2024-11-21T02:07:52.230000",
        "db": "NVD",
        "id": "CVE-2014-3325"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Customer Voice Portal Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003481"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-487"
      }
    ],
    "trust": 0.6
  }
}

gsd-2014-3325

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-3325

Aliases

CVE-2014-3325

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3325",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.",
    "id": "GSD-2014-3325"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3325"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.",
      "id": "GSD-2014-3325",
      "modified": "2023-12-13T01:22:53.009899Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-3325",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "68691",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/68691"
          },
          {
            "name": "60546",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60546"
          },
          {
            "name": "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3325"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140717 Multiple Cross-Site Scripting Vulnerabilities in Cisco Customer Voice Portal",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
            },
            {
              "name": "68691",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/68691"
            },
            {
              "name": "60546",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60546"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-01-12T14:08Z",
      "publishedDate": "2014-07-19T19:55Z"
    }
  }
}

fkie_cve-2014-3325

Vulnerability from fkie_nvd

Published

2014-07-19 19:55

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/60546
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/68691	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60546
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68691	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	cisco	unified_customer_voice_portal	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BC640C-BA51-4911-9537-C13F71C206BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Cisco Unified Customer Voice Portal (CVP) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro manipulado, tambi\u00e9n conocido como Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731 y CSCuh61733."
    }
  ],
  "id": "CVE-2014-3325",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-19T19:55:06.450",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/60546"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/68691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/68691"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-x6mp-h6hg-2wfg

Vulnerability from github

Published

2022-05-17 03:05

Modified

2022-05-17 03:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-19T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.",
  "id": "GHSA-x6mp-h6hg-2wfg",
  "modified": "2022-05-17T03:05:05Z",
  "published": "2022-05-17T03:05:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3325"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60546"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3325"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/68691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-3325 (GCVE-0-2014-3325)

Vulnerability from cvelistv5

var-201407-0388

Vulnerability from variot

gsd-2014-3325

Vulnerability from gsd

fkie_cve-2014-3325

Vulnerability from fkie_nvd

ghsa-x6mp-h6hg-2wfg

Vulnerability from github

Tags

Sightings

Nomenclature