ID

VAR-201506-0308


CVE

CVE-2015-4220


TITLE

Cisco Unified Presence Server vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-003285

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This component is responsible for collecting the user's availability status and communication capability information.

Trust: 1.98

sources: NVD: CVE-2015-4220 // JVNDB: JVNDB-2015-003285 // BID: 75407 // VULHUB: VHN-82181

AFFECTED PRODUCTS

vendor: cisco // model: unified presence server // scope: eq // version: 9.1\(1\)

Trust: 1.6

vendor: cisco // model: unified presence server // scope: eq // version: 9.1(1)

Trust: 1.1

sources: BID: 75407 // JVNDB: JVNDB-2015-003285 // CNNVD: CNNVD-201506-516 // NVD: CVE-2015-4220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4220
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4220
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-516
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82181
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4220
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82181
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82181 // JVNDB: JVNDB-2015-003285 // CNNVD: CNNVD-201506-516 // NVD: CVE-2015-4220

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-82181 // JVNDB: JVNDB-2015-003285 // NVD: CVE-2015-4220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-516

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-516

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003285

PATCH

title: 39504 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39504

Trust: 0.8

sources: JVNDB: JVNDB-2015-003285

EXTERNAL IDS

db: NVD // id: CVE-2015-4220

Trust: 2.8

db: BID // id: 75407

Trust: 1.4

db: SECTRACK // id: 1032717

Trust: 1.1

db: JVNDB // id: JVNDB-2015-003285

Trust: 0.8

db: CNNVD // id: CNNVD-201506-516

Trust: 0.7

db: VULHUB // id: VHN-82181

Trust: 0.1

sources: VULHUB: VHN-82181 // BID: 75407 // JVNDB: JVNDB-2015-003285 // CNNVD: CNNVD-201506-516 // NVD: CVE-2015-4220

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=39504

Trust: 2.0

url: http://www.securityfocus.com/bid/75407

Trust: 1.1

url: http://www.securitytracker.com/id/1032717

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4220

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4220

Trust: 0.8

url: http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-82181 // BID: 75407 // JVNDB: JVNDB-2015-003285 // CNNVD: CNNVD-201506-516 // NVD: CVE-2015-4220

CREDITS

Cisco

Trust: 0.3

sources: BID: 75407

SOURCES

db: VULHUB // id: VHN-82181
db: BID // id: 75407
db: JVNDB // id: JVNDB-2015-003285
db: CNNVD // id: CNNVD-201506-516
db: NVD // id: CVE-2015-4220

LAST UPDATE DATE

2025-04-13T23:21:16.968000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-82181 // date: 2016-12-28T00:00:00
db: BID // id: 75407 // date: 2015-06-25T00:00:00
db: JVNDB // id: JVNDB-2015-003285 // date: 2015-06-29T00:00:00
db: CNNVD // id: CNNVD-201506-516 // date: 2015-06-26T00:00:00
db: NVD // id: CVE-2015-4220 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-82181 // date: 2015-06-25T00:00:00
db: BID // id: 75407 // date: 2015-06-25T00:00:00
db: JVNDB // id: JVNDB-2015-003285 // date: 2015-06-29T00:00:00
db: CNNVD // id: CNNVD-201506-516 // date: 2015-06-26T00:00:00
db: NVD // id: CVE-2015-4220 // date: 2015-06-25T16:59:01.220