CVE-2015-0727

CWE-79 — Cross-site Scripting (XSS)6 documents6 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 50.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Security Manager
Timeline
PublishedMay 15
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDcisco/security_manager4.7\(0\)

🔴Vulnerability Details

2
GHSA
GHSA-vq2f-2pxq-w3r5: Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4↗2022-05-17
â–¶
CVEList
CVE-2015-0727: Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4↗2015-05-15
â–¶

💥Exploits & PoCs

1
Exploit-DB
NTP - Local Privilege Escalation↗2016-01-21
â–¶

📋Vendor Advisories

1
Cisco
Cisco Security Manager Cross-Site Scripting Vulnerability↗2015-05-13
â–¶

💬Community

1
Bugzilla
CVE-2016-0727 ntp: Privilege escalation via cronjob↗2016-10-06
â–¶
CVE-2015-0727 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io