XSS in Cisco Context_directory_agent

CVE-2014-0652

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (68.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Context_directory_agent
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

64703 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
101803 (x_refsource_OSVDB, vdb-entry)
20140107 Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
56365 (x_refsource_SECUNIA, third-party-advisory)
cisco-cda-cve20140652-xss(90167) (vdb-entry, x_refsource_XF)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
1029572 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)