CVE-2015-4294

2015-08-0101:59:17

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-4294

cross-site scripting

xss

cisco

presence service

bug id

cscut41766

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.

Affected configurations

NVD

Node

ciscounified_communications_manager_im_and_presence_serviceMatch9.0\(1\)

ciscounified_communications_manager_im_and_presence_serviceMatch9.1\(1\)

ciscounified_communications_manager_im_and_presence_serviceMatch10.5\(1\)

CPENameOperatorVersion
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence serviceeq9.0\(1\)
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence serviceeq9.1\(1\)
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence serviceeq10.5\(1\)

CPE	Name	Operator	Version
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	eq	9.0\(1\)
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	eq	9.1\(1\)
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	eq	10.5\(1\)