CVE-2015-6402

Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
ciscoepc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter
5.5.10
ciscoepc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter
5.5.11
ciscoepc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter
5.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg
http://www.securitytracker.com/id/1034346
https://www.exploit-db.com/exploits/39904/
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg
http://www.securitytracker.com/id/1034346
https://www.exploit-db.com/exploits/39904/