CVE-2013-1114
published 2013-02-13CVE-2013-1114: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via…
PriorityP428medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
10.27%
95.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unity_express_software | <= 7.4 | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Unity Express Cross-Site Scripting Vulnerabilities
vendor_cisco·2013-02-01·CVSS 4.3
CVE-2013-1114 [MEDIUM] CWE-79 Cisco Unity Express Cross-Site Scripting Vulnerabilities
Cisco Unity Express Cross-Site Scripting Vulnerabilities
Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to follow a malicious link that is designed to submit malicious requests to the affected software. If successful, the attacker could perform certain unauthorized actions on the vulnerable software, which could be used to conduct further attacks on the system.
Cisco has confirmed the vulnerabilities in a security notice; however, software updates are not available.
To
GHSA
GHSA-cm98-6c92-5v38: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8
ghsa_unreviewed·2022-05-17
CVE-2013-1114 [MEDIUM] CWE-79 GHSA-cm98-6c92-5v38: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
No detection rules found.
No writeups or analysis indexed.
2013-02-13
Published