Sign-up

ID

VAR-201502-0173


CVE

CVE-2015-0655


TITLE

Cisco Unified Web and E-Mail Interaction Manager of Unified Web Interaction Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-001644

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID's CSCus74184 and CSCuv94800. Web Interaction Manager is a product that can help call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites

Trust: 1.98

sources: NVD: CVE-2015-0655 // JVNDB: JVNDB-2015-001644 // BID: 72824 // VULHUB: VHN-78601

AFFECTED PRODUCTS

vendor:ciscomodel:unified web and e-mail interaction managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified web and e-mail interaction managerscope:eqversion:9.0 (1)

Trust: 0.8

vendor:ciscomodel:unified web and e-mail interaction managerscope:eqversion:9.0 (2)

Trust: 0.8

sources: JVNDB: JVNDB-2015-001644 // CNNVD: CNNVD-201502-473 // NVD: CVE-2015-0655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0655
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0655
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-473
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78601
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0655
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78601
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78601 // JVNDB: JVNDB-2015-001644 // CNNVD: CNNVD-201502-473 // NVD: CVE-2015-0655

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78601 // JVNDB: JVNDB-2015-001644 // NVD: CVE-2015-0655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-473

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201502-473

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001644

PATCH
title:Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0655
Trust: 0.8
title:37680url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37680
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001644

EXTERNAL IDS
db:NVDid:CVE-2015-0655
Trust: 2.8
db:BIDid:72824
Trust: 1.4
db:SECTRACKid:1031820
Trust: 1.1
db:JVNDBid:JVNDB-2015-001644
Trust: 0.8
db:CNNVDid:CNNVD-201502-473
Trust: 0.7
db:VULHUBid:VHN-78601
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78601 // 
            
            
            
            BID: 72824 // 
            
            
            
            JVNDB: JVNDB-2015-001644 // 
            
            
            
            CNNVD: CNNVD-201502-473 // 
            
            
            
            NVD: CVE-2015-0655

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0655
Trust: 2.0
url:http://www.securityfocus.com/bid/72824
Trust: 1.1
url:http://www.securitytracker.com/id/1031820
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0655
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0655
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37680
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78601 // 
            
            
            
            BID: 72824 // 
            
            
            
            JVNDB: JVNDB-2015-001644 // 
            
            
            
            CNNVD: CNNVD-201502-473 // 
            
            
            
            NVD: CVE-2015-0655

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72824

SOURCES
db:VULHUBid:VHN-78601
db:BIDid:72824
db:JVNDBid:JVNDB-2015-001644
db:CNNVDid:CNNVD-201502-473
db:NVDid:CVE-2015-0655

LAST UPDATE DATE
2025-04-13T23:42:04.995000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78601date:2015-11-02T00:00:00
db:BIDid:72824date:2015-10-26T16:22:00
db:JVNDBid:JVNDB-2015-001644date:2015-03-03T00:00:00
db:CNNVDid:CNNVD-201502-473date:2015-03-02T00:00:00
db:NVDid:CVE-2015-0655date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78601date:2015-02-28T00:00:00
db:BIDid:72824date:2015-02-27T00:00:00
db:JVNDBid:JVNDB-2015-001644date:2015-03-03T00:00:00
db:CNNVDid:CNNVD-201502-473date:2015-02-27T00:00:00
db:NVDid:CVE-2015-0655date:2015-02-28T02:59:11.830