CVE-2016-6429
published 2016-11-03CVE-2016-6429: A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to…
PriorityP426medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
0.83%
53.0th percentile
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
vendor_cisco·2016-10-26·CVSS 4.3
CVE-2016-6429 [MEDIUM] CWE-79 Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
Cisco has not released software updates that address this vulnera
Cisco
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
vendor_cisco
CVE-2016-6429 Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
CVE-2016-6429: Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco has not released software updates that address
GHSA
GHSA-q25r-fmwv-q253: A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote att
ghsa_unreviewed·2022-05-17
CVE-2016-6429 [MEDIUM] CWE-79 GHSA-q25r-fmwv-q253: A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote att
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-11-03
Published