CVE-2014-2118

Published Mar 27, 2014

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "457CCC35-449B-4002-89FB-3D22BD4F34A8",
            "versionEndIncluding": "9.2.1-2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62F52A82-C8A8-4692-9232-E4ACE5714BC4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6919AA10-28A4-46BD-A491-0C0130B4C385"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "308EBED0-E069-4B8D-BE7B-5FB3940491FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "657AC52E-EF40-49D9-A0F9-F9BDA8A67B4D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7FBB326-9011-434D-B142-5C6B1F422442"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D0E148-44D5-4A48-B33B-E5D891AC7F56"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D123EB5-1B8F-484B-818D-FD221E7531FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B316BD78-7FCF-4A66-897B-000065AB5261"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.1-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB3F163F-4C7F-462A-8229-1D98C85B7D59"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References