XSS in Cisco Telepresence_server_software
CVE-2014-3324
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (68.7th percentile) — read the EPSS interpretation.
Affected products
- Cisco Telepresence_server_software — versions 3.0\(2.24\), 3.1\(1.98\), 4.0\(1.57\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 20140724 Cisco TelePresence Management Interface Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 60456 (x_refsource_SECUNIA, third-party-advisory)
- 68885 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1030640 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- cisco-telepresence-cve20143324-xss(94847) (vdb-entry, x_refsource_XF)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)