CVE-2014-3329
published 2014-07-29CVE-2014-3329: Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.17%
80.0th percentile
Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_data_center_network_manager | <= 6.3\(2\) | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p9w7-pqf8-8w79: Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6
ghsa_unreviewed·2022-05-17
CVE-2014-3329 [MEDIUM] CWE-79 GHSA-p9w7-pqf8-8w79: Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6
Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.
Cisco
Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability
vendor_cisco·2014-07-28·CVSS 4.3
CVE-2014-3329 [MEDIUM] CWE-79 Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability
Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface.
The issue is due to insufficient input validation of parameters by the web server. An attacker could exploit this issue by convincing a user to access a malicious link.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco indicates through the CVSS score that f
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329http://tools.cisco.com/security/center/viewAlert.x?alertId=35065http://www.securityfocus.com/bid/68926http://www.securitytracker.com/id/1030652https://exchange.xforce.ibmcloud.com/vulnerabilities/94889http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329http://tools.cisco.com/security/center/viewAlert.x?alertId=35065http://www.securityfocus.com/bid/68926http://www.securitytracker.com/id/1030652https://exchange.xforce.ibmcloud.com/vulnerabilities/94889
2014-07-29
Published