CVE-2015-0696

Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
ciscotelepresence_tc_software
6.0.0
ciscotelepresence_tc_software
6.0.0-cucm
ciscotelepresence_tc_software
6.0.1
ciscotelepresence_tc_software
6.0.1-cucm
ciscotelepresence_tc_software
6.0.2
ciscotelepresence_tc_software
6.0_base:_base
ciscotelepresence_tc_software
6.1.0
ciscotelepresence_tc_software
6.1.0-cucm
ciscotelepresence_tc_software
6.1.1
ciscotelepresence_tc_software
6.1.1-cucm
ciscotelepresence_tc_software
6.1.2
ciscotelepresence_tc_software
6.1.2-cucm
ciscotelepresence_tc_software
6.1_base:_base
ciscotelepresence_tc_software
6.3_base:_base
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=38349
http://www.securitytracker.com/id/1032137
http://tools.cisco.com/security/center/viewAlert.x?alertId=38349
http://www.securitytracker.com/id/1032137