gsd - gsd-2014-3363

gsd-2014-3363

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

Aliases

CVE-2014-3363

Aliases

CVE-2014-3363

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3363",
    "description": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.",
    "id": "GSD-2014-3363"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3363"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.",
      "id": "GSD-2014-3363",
      "modified": "2023-12-13T01:22:53.329432Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-3363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363"
          },
          {
            "name": "1030836",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030836"
          },
          {
            "name": "cisco-ucm-cve20143363-xss(95882)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882"
          },
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672"
          },
          {
            "name": "69739",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/69739"
          },
          {
            "name": "59105",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59105"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2.10000.28\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672"
            },
            {
              "name": "1030836",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030836"
            },
            {
              "name": "69739",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/69739"
            },
            {
              "name": "59105",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59105"
            },
            {
              "name": "cisco-ucm-cve20143363-xss(95882)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-09-12T01:55Z"
    }
  }
}

CVE-2014-3363 (GCVE-0-2014-3363)

Vulnerability from cvelistv5

Published

2014-09-12 01:00

Modified

2024-08-06 10:43

Severity ?

CWE

Summary

References

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1030836	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/95882	vdb-entry, x_refsource_XF
	http://tools.cisco.com/security/center/viewAlert.x?alertId=35672	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/69739	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/59105	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website