Lucene search

[email protected]CVE-2015-6416

HistoryDec 14, 2015 - 3:59 a.m.

CVE-2015-6416

2015-12-1403:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2015

6416

cross-site scripting

xss

vulnerability

cisco

unified email interaction manager

unified web interaction manager

bug id

cscuw24479

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.

CPENameOperatorVersion
cisco:unified_web_and_e-mail_interaction_managercisco unified web and e-mail interaction managereq11.0\(1\)

CPE	Name	Operator	Version
cisco:unified_web_and_e-mail_interaction_manager	cisco unified web and e-mail interaction manager	eq	11.0\(1\)

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim

www.securityfocus.com/bid/79034

www.securitytracker.com/id/1034382

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2015-6416

prion1 cvelist1 cisco1