Lucene search

[email protected]CVE-2014-0670

HistoryJan 22, 2014 - 5:22 a.m.

CVE-2014-0670

2014-01-2205:22:20

CWE-79

[email protected]

web.nvd.nist.gov

cisco

mediasense

xss

vulnerability

cve-2014-0670

nvd

cisco security advisory

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.0%

JSON

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.

Affected configurations

NVD

Node

ciscomediasenseMatch-

CPENameOperatorVersion
cisco:mediasensecisco mediasenseeq-

CPE	Name	Operator	Version
cisco:mediasense	cisco mediasense	eq	-

References

osvdb.org/102319

secunia.com/advisories/56563

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670

tools.cisco.com/security/center/viewAlert.x?alertId=32514

www.securityfocus.com/bid/65053

www.securitytracker.com/id/1029667

exchange.xforce.ibmcloud.com/vulnerabilities/90615

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for CVE-2014-0670

prion1 nvd1 cvelist1 cisco1