CVE-2014-3265

Опубликовано: 20 мая 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3265
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34274
Vendor Advisory
http://www.securitytracker.com/id/1030260
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3265
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34274
Vendor Advisory
http://www.securitytracker.com/id/1030260
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:security_manager:4.2:-:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.0043

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5xwm-pgq9-vqgc

github

больше 3 лет назад