CVE-2015-6402
Published 2015-12-14
Priority P428 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 7.18% (93.5th percentile)
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice | — | — |
| cisco | epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice | — | — |
| cisco | epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice | — | — |
| cisco | wireless_residential_gateway_stored | — | — |
CVSS provenance
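| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | — | 4.3 | MEDIUM | — |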
Cisco
Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability
vendor_cisco·2015-12-08·CVSS 4.3
CVE-2015-6402 [MEDIUM] CWE-79 Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system.
The vulnerability is due to insufficient input validation of a user-supplied value and a lack of encoding of user-supplied data. An attacker could exploit this vulnerability by convincing a user to click on a malicious link.
Additional information about XSS attacks and potential mitigations can be found at the following links:
http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html
https://www.owasp.org/index.php/Cross-site_
GHSA
GHSA-79cv-2938-whjg: Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5
ghsa_unreviewed·2022-05-17
CVE-2015-6402 [MEDIUM] CWE-79 GHSA-79cv-2938-whjg: Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg
http://www.securitytracker.com/id/1034346
https://www.exploit-db.com/exploits/39904/
Published: 2015-12-14