Описание
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до x6.1 (включая)
Одновременно
cpe:2.3:h:cisco:telepresence_video_communication_servers:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:cisco:telepresence_video_communication_servers_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00454
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.
EPSS
Процентиль: 63%
0.00454
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79