CVE-2014-2125 — Cross-site Scripting in Cisco Unity Connection

CWE-79 — Cross-site Scripting CWE-125 — Out-of-bounds Read CWE-200 — Sensitive Information Exposure CWE-451 — User Interface (UI) Misrepresentation of Critical Information CWE-416 — Use After Free27 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unity Connection

Timeline

PublishedApr 2

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unity_connection8.6+3

🔴Vulnerability Details

GHSA

GHSA-mhp5-9hjj-mhrx: Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8↗2022-05-17

▶

CVEList

CVE-2014-2125: Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8↗2014-04-02

▶

📋Vendor Advisories

Red Hat

chromium-browser: Address bar spoofing↗2014-11-18

▶

Red Hat

v8: multiple unspecified issues fixed in Google Chrome 38.0.2125.101↗2014-10-08

▶

Red Hat

chromium: multiple unspecified issues fixed in Chrome 38.0.2125.101↗2014-10-07

▶

Red Hat

chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101↗2014-10-07

▶

Red Hat

chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101↗2014-10-07

▶

💬Community

Bugzilla

CVE-2014-3200 chromium: multiple unspecified issues fixed in Chrome 38.0.2125.101↗2014-10-10

▶

Bugzilla

CVE-2014-3197 chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101↗2014-10-10

▶

Bugzilla

CVE-2014-3190 CVE-2014-3191 CVE-2014-3193 CVE-2014-3199 chromium: multiple security fixes in Chrome 38.0.2125.101↗2014-10-10

▶

Bugzilla

CVE-2014-3192 chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101↗2014-10-10

▶

Bugzilla

CVE-2014-3194 chromium: use-after-free issue in Web Workers fixed in Chrome 38.0.2125.101↗2014-10-10

▶