CVE-2014-0735 — Cross-site Scripting in Cisco Unified Communications Manager

CWE-79 — Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 48.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedFeb 20
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hcj4-6pg8-xg65: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10↗2022-05-17
â–¶
CVEList
CVE-2014-0735: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10↗2014-02-20
â–¶

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability↗2014-02-19
â–¶
CVE-2014-0735 — Cross-site Scripting in Cisco | cvebase