CVE-2014-2104

EUVD-2014-2144
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
ciscounified_communications_domain_manager
9.0\(.1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104
http://tools.cisco.com/security/center/viewAlert.x?alertId=33111
http://www.securityfocus.com/bid/65869
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104
http://tools.cisco.com/security/center/viewAlert.x?alertId=33111
http://www.securityfocus.com/bid/65869