Sign-up

ID

VAR-201412-0304


CVE

CVE-2014-8018


TITLE

Cisco Unified Communications Domain Manager Application software Business Voice Services Manager Page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007362

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. Vendors have confirmed this vulnerability Bug ID CSCur19651 , CSCur18555 , CSCur19630 ,and CSCur19661 It is released as.Skillfully crafted by a third party URL Through any Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues are being tracked by Cisco Bug IDs CSCur19651, CSCur18555, CSCur19630 and CSCur19661. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-8018 // JVNDB: JVNDB-2014-007362 // BID: 71771 // VULHUB: VHN-75963

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.0

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:eqversion:8

Trust: 0.8

sources: JVNDB: JVNDB-2014-007362 // CNNVD: CNNVD-201412-466 // NVD: CVE-2014-8018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8018
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8018
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-466
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75963
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8018
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75963
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75963 // JVNDB: JVNDB-2014-007362 // CNNVD: CNNVD-201412-466 // NVD: CVE-2014-8018

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-75963 // JVNDB: JVNDB-2014-007362 // NVD: CVE-2014-8018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-466

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-466

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007362

PATCH
title:Cisco Unified Communications Domain Manager XSS Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007362

EXTERNAL IDS
db:NVDid:CVE-2014-8018
Trust: 2.8
db:BIDid:71771
Trust: 1.4
db:SECTRACKid:1031424
Trust: 1.1
db:JVNDBid:JVNDB-2014-007362
Trust: 0.8
db:CNNVDid:CNNVD-201412-466
Trust: 0.7
db:VULHUBid:VHN-75963
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75963 // 
            
            
            
            BID: 71771 // 
            
            
            
            JVNDB: JVNDB-2014-007362 // 
            
            
            
            CNNVD: CNNVD-201412-466 // 
            
            
            
            NVD: CVE-2014-8018

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8018
Trust: 1.7
url:http://www.securityfocus.com/bid/71771
Trust: 1.1
url:http://www.securitytracker.com/id/1031424
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8018
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8018
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75963 // 
            
            
            
            BID: 71771 // 
            
            
            
            JVNDB: JVNDB-2014-007362 // 
            
            
            
            CNNVD: CNNVD-201412-466 // 
            
            
            
            NVD: CVE-2014-8018

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71771

SOURCES
db:VULHUBid:VHN-75963
db:BIDid:71771
db:JVNDBid:JVNDB-2014-007362
db:CNNVDid:CNNVD-201412-466
db:NVDid:CVE-2014-8018

LAST UPDATE DATE
2025-04-13T23:21:19.523000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75963date:2017-01-03T00:00:00
db:BIDid:71771date:2015-01-12T00:02:00
db:JVNDBid:JVNDB-2014-007362date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-466date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8018date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-75963date:2014-12-22T00:00:00
db:BIDid:71771date:2014-12-22T00:00:00
db:JVNDBid:JVNDB-2014-007362date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-466date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8018date:2014-12-22T19:59:02.303