CVE-2014-0670

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670	Vendor Advisory
http://www.securitytracker.com/id/1029667	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/65053	Third Party Advisory VDB Entry
http://secunia.com/advisories/56563
http://tools.cisco.com/security/center/viewAlert.x?alertId=32514	Vendor Advisory
http://osvdb.org/102319
https://exchange.xforce.ibmcloud.com/vulnerabilities/90615

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*

Information

Published : 2014-01-21 21:22

Updated : 2017-08-28 18:34

NVD link : CVE-2014-0670

Mitre link : CVE-2014-0670

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

cisco

mediasense

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670", "name": "20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id/1029667", "name": "1029667", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/65053", "name": "65053", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/56563", "name": "56563", "tags": [], "refsource": "SECUNIA"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/102319", "name": "102319", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90615", "name": "cisco-mediasense-cve20140670-xss(90615)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0670", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-01-22T05:22Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}