Details of VAR-201401-0358

ID

VAR-201401-0358

CVE

CVE-2014-0652

TITLE

Cisco Context Directory Agent Cross-site scripting vulnerability in the mapping page

Trust: 0.8

sources: JVNDB: JVNDB-2014-001010

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuj45358

Trust: 2.07

sources: NVD: CVE-2014-0652 // JVNDB: JVNDB-2014-001010 // BID: 64703 // VULHUB: VHN-68145 // VULMON: CVE-2014-0652

AFFECTED PRODUCTS

vendor:	cisco	model:	context directory agent	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	context directory agent	scope:	eq	version:	1.0	Trust: 0.8

sources: JVNDB: JVNDB-2014-001010 // CNNVD: CNNVD-201401-105 // NVD: CVE-2014-0652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0652
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0652
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-105
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68145
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-0652
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0652
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-68145
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68145 // VULMON: CVE-2014-0652 // JVNDB: JVNDB-2014-001010 // CNNVD: CNNVD-201401-105 // NVD: CVE-2014-0652

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-68145 // JVNDB: JVNDB-2014-001010 // NVD: CVE-2014-0652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-105

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201401-105

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001010

PATCH

title:	Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0652	Trust: 0.8
title:	32365	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32365	Trust: 0.8
title:	Cisco: Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140109-CVE-2014-0652	Trust: 0.1

sources: VULMON: CVE-2014-0652 // JVNDB: JVNDB-2014-001010

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0652	Trust: 2.9
db:	BID	id:	64703	Trust: 1.5
db:	SECTRACK	id:	1029572	Trust: 1.2
db:	SECUNIA	id:	56365	Trust: 1.2
db:	OSVDB	id:	101803	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-001010	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-105	Trust: 0.7
db:	CISCO	id:	20140107 CISCO CONTEXT DIRECTORY AGENT MAPPINGS PAGE CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68145	Trust: 0.1
db:	VULMON	id:	CVE-2014-0652	Trust: 0.1

sources: VULHUB: VHN-68145 // VULMON: CVE-2014-0652 // BID: 64703 // JVNDB: JVNDB-2014-001010 // CNNVD: CNNVD-201401-105 // NVD: CVE-2014-0652

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0652	Trust: 1.8
url:	http://www.securityfocus.com/bid/64703	Trust: 1.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32365	Trust: 1.2
url:	http://osvdb.org/101803	Trust: 1.2
url:	http://www.securitytracker.com/id/1029572	Trust: 1.2
url:	http://secunia.com/advisories/56365	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90167	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0652	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0652	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140109-cve-2014-0652	Trust: 0.1

sources: VULHUB: VHN-68145 // VULMON: CVE-2014-0652 // BID: 64703 // JVNDB: JVNDB-2014-001010 // CNNVD: CNNVD-201401-105 // NVD: CVE-2014-0652

CREDITS

Cisco

Trust: 0.3

sources: BID: 64703

SOURCES

db:	VULHUB	id:	VHN-68145
db:	VULMON	id:	CVE-2014-0652
db:	BID	id:	64703
db:	JVNDB	id:	JVNDB-2014-001010
db:	CNNVD	id:	CNNVD-201401-105
db:	NVD	id:	CVE-2014-0652

LAST UPDATE DATE

2025-04-11T22:53:07.575000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68145	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2014-0652	date:	2017-08-29T00:00:00
db:	BID	id:	64703	date:	2014-01-14T01:51:00
db:	JVNDB	id:	JVNDB-2014-001010	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-105	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0652	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68145	date:	2014-01-08T00:00:00
db:	VULMON	id:	CVE-2014-0652	date:	2014-01-08T00:00:00
db:	BID	id:	64703	date:	2014-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001010	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-105	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0652	date:	2014-01-08T21:55:06.240