SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2014-3363

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

SECTRACK-1030836

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363

SECUNIA-59105

BID-69739

cisco-ucm-cve20143363-xss(95882)

http://tools.cisco.com/security/center/viewAlert.x?alertId=35672


30479



423868



249622



909



195521



282