- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
- Comment
- Per: http://tools.cisco.com/security/center/viewAlert.x?alertId=35031 "The security vulnerability applies to the following combinations of products. Primary Products: Cisco Cisco TelePresence Server Software 3.0 (2.24) | 3.1 (1.98) | 4.0 (1.57), (2.8)"
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D515279-816E-43A1-8A8F-364F5DE5B919"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837"
}
],
"operator": "OR"
}
]
}
]