XSS in Cisco Socialminer

CVE-2015-6356

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (49.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Socialminer — versions 10.0\(1\)
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

1034048 (vdb-entry, x_refsource_SECTRACK)
20151103 Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)