CVE-2014-3265

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 37.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Security Manager
Timeline
PublishedMay 20
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5xwm-pgq9-vqgc: Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 42022-05-17
CVEList
CVE-2014-3265: Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 42014-05-20

📋Vendor Advisories

1
Cisco
Cisco Security Manager AUS Cross-Site Scripting Vulnerability2014-05-19
CVE-2014-3265 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io