Details of VAR-201412-0308

ID

VAR-201412-0308

CVE

CVE-2014-8026

TITLE

Cisco Jabber Guest Server cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2014-007365 // CNNVD: CNNVD-201412-474

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCus08074. Cisco Jabber is a cross-device collaboration system developed by Cisco. The system provides functions such as voice, video, desktop sharing and conferencing

Trust: 2.07

sources: NVD: CVE-2014-8026 // JVNDB: JVNDB-2014-007365 // BID: 71769 // VULHUB: VHN-75971 // VULMON: CVE-2014-8026

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber guest	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	jabber guest	scope:	eq	version:	*	Trust: 1.0

sources: JVNDB: JVNDB-2014-007365 // CNNVD: CNNVD-201412-474 // NVD: CVE-2014-8026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8026
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8026
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201412-474
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75971
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-8026
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8026
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-75971
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75971 // VULMON: CVE-2014-8026 // JVNDB: JVNDB-2014-007365 // CNNVD: CNNVD-201412-474 // NVD: CVE-2014-8026

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-75971 // JVNDB: JVNDB-2014-007365 // NVD: CVE-2014-8026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-474

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007365

PATCH

title:	Cisco Jabber Guest Server Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8026	Trust: 0.8
title:	Cisco: Cisco Jabber Guest Server Cross-Site Scripting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150107-CVE-2014-8026	Trust: 0.1

sources: VULMON: CVE-2014-8026 // JVNDB: JVNDB-2014-007365

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8026	Trust: 2.9
db:	BID	id:	71769	Trust: 1.5
db:	SECTRACK	id:	1031422	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-007365	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-474	Trust: 0.7
db:	VULHUB	id:	VHN-75971	Trust: 0.1
db:	VULMON	id:	CVE-2014-8026	Trust: 0.1

sources: VULHUB: VHN-75971 // VULMON: CVE-2014-8026 // BID: 71769 // JVNDB: JVNDB-2014-007365 // CNNVD: CNNVD-201412-474 // NVD: CVE-2014-8026

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8026	Trust: 1.8
url:	http://www.securityfocus.com/bid/71769	Trust: 1.3
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=36872	Trust: 1.2
url:	http://www.securitytracker.com/id/1031422	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8026	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8026	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150107-cve-2014-8026	Trust: 0.1

sources: VULHUB: VHN-75971 // VULMON: CVE-2014-8026 // BID: 71769 // JVNDB: JVNDB-2014-007365 // CNNVD: CNNVD-201412-474 // NVD: CVE-2014-8026

CREDITS

Cisco

Trust: 0.3

sources: BID: 71769

SOURCES

db:	VULHUB	id:	VHN-75971
db:	VULMON	id:	CVE-2014-8026
db:	BID	id:	71769
db:	JVNDB	id:	JVNDB-2014-007365
db:	CNNVD	id:	CNNVD-201412-474
db:	NVD	id:	CVE-2014-8026

LAST UPDATE DATE

2025-04-13T23:23:51.439000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75971	date:	2017-01-03T00:00:00
db:	VULMON	id:	CVE-2014-8026	date:	2017-01-03T00:00:00
db:	BID	id:	71769	date:	2015-01-12T00:03:00
db:	JVNDB	id:	JVNDB-2014-007365	date:	2014-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201412-474	date:	2014-12-23T00:00:00
db:	NVD	id:	CVE-2014-8026	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75971	date:	2014-12-23T00:00:00
db:	VULMON	id:	CVE-2014-8026	date:	2014-12-23T00:00:00
db:	BID	id:	71769	date:	2014-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-007365	date:	2014-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201412-474	date:	2014-12-23T00:00:00
db:	NVD	id:	CVE-2014-8026	date:	2014-12-23T02:59:06.593