CVE-2015-0714Cross-site Scripting in Cisco Finesse

CWE-79Cross-site Scripting7 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 50.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Finesse
Timeline
PublishedMay 2
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDcisco/finesse4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-qmpj-6g27-gqf7: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 102022-05-17
CVEList
CVE-2015-0714: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 102015-05-02

📋Vendor Advisories

1
Cisco
Cisco Finesse Server Cross-Site Scripting Vulnerability2015-05-01
CVE-2015-0714 — Cross-site Scripting in Cisco Finesse | cvebase