CVE-2015-4310

CWE-79 — Cross-site Scripting (XSS)CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.5%

top 35.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Finesse

Timeline

PublishedAug 19

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/finesse10.5\(1\)_base

🔴Vulnerability Details

GHSA

GHSA-5h59-mr8x-4c4q: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10↗2022-05-17

▶

CVEList

CVE-2015-4310: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10↗2015-08-19

▶

📋Vendor Advisories

Cisco

Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities↗2015-08-18

▶