Lucene search

PRIOn knowledge basePRION:CVE-2012-4970

HistoryJan 01, 2013 - 12:35 p.m.

Cross site scripting

2013-01-0112:35:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.2%

JSON

Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
hdx_system_softwareeq<= 2.7.1-j
hdx_system_softwareeq2.0.5-j
hdx_system_softwareeq2.5.0.7
hdx_system_softwareeq2.5.7103
hdx_system_softwareeq2.6.1
hdx_system_softwareeq2.6.1.3
hdx_system_softwareeq2.7.0-j
hdx_system_softwarele3.0.4
hdx_system_softwareeq3.0.0
hdx_system_softwareeq3.0.0.1

Name	Operator	Version
hdx_system_software	eq	<= 2.7.1-j
hdx_system_software	eq	2.0.5-j
hdx_system_software	eq	2.5.0.7
hdx_system_software	eq	2.5.7103
hdx_system_software	eq	2.6.1
hdx_system_software	eq	2.6.1.3
hdx_system_software	eq	2.7.0-j
hdx_system_software	le	3.0.4
hdx_system_software	eq	3.0.0
hdx_system_software	eq	3.0.0.1

Rows per page:

1-10 of 151

References

archives.neohapsis.com/archives/bugtraq/2012-12/0146.html

knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf

www.securitytracker.com/id?1027926

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.2%

JSON

Related for PRION:CVE-2012-4970