Details of VAR-201507-0533

ID

VAR-201507-0533

CVE

CVE-2015-4245

TITLE

Cisco WebEx Training Center Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-04976 // CNNVD: CNNVD-201507-693

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. Cisco WebEx Training Center is an online training solution from Cisco. A cross-site scripting vulnerability exists in Cisco WebEx Training Center that allows remote attackers to inject arbitrary web scripts or HTML with an unspecified value. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCut92274. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.8

sources: NVD: CVE-2015-4245 // CNVD: CNVD-2015-04976 // BID: 75960 // VULHUB: VHN-82206

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04976

AFFECTED PRODUCTS

vendor:	cisco	model:	webex training center	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	webex training center	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	webex training center	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-04976 // BID: 75960 // CNNVD: CNNVD-201507-693

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-04976
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-693
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2015-04976
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-04976 // CNNVD: CNNVD-201507-693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-693

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-693

PATCH

title:

Patch for Cisco WebEx Training Center Cross-Site Scripting Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/61615

Trust: 0.6

sources: CNVD: CNVD-2015-04976

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4245	Trust: 2.6
db:	BID	id:	75960	Trust: 1.0
db:	CNNVD	id:	CNNVD-201507-693	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04976	Trust: 0.6
db:	VULHUB	id:	VHN-82206	Trust: 0.1

sources: CNVD: CNVD-2015-04976 // VULHUB: VHN-82206 // BID: 75960 // CNNVD: CNNVD-201507-693 // NVD: CVE-2015-4245

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39753	Trust: 1.6
url:	http://www.securityfocus.com/bid/75960	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.4
url:	http://www.cisco.com/en/us/products/ps10410/index.html	Trust: 0.4

sources: CNVD: CNVD-2015-04976 // VULHUB: VHN-82206 // BID: 75960 // CNNVD: CNNVD-201507-693

CREDITS

Cisco

Trust: 0.3

sources: BID: 75960

SOURCES

db:	CNVD	id:	CNVD-2015-04976
db:	VULHUB	id:	VHN-82206
db:	BID	id:	75960
db:	CNNVD	id:	CNNVD-201507-693
db:	NVD	id:	CVE-2015-4245

LAST UPDATE DATE

2024-08-14T13:33:56.956000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04976	date:	2015-07-29T00:00:00
db:	VULHUB	id:	VHN-82206	date:	2015-07-23T00:00:00
db:	BID	id:	75960	date:	2015-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201507-693	date:	2015-07-22T00:00:00
db:	NVD	id:	CVE-2015-4245	date:	2023-11-07T02:25:48.133

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04976	date:	2015-07-28T00:00:00
db:	VULHUB	id:	VHN-82206	date:	2015-07-21T00:00:00
db:	BID	id:	75960	date:	2015-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201507-693	date:	2015-07-22T00:00:00
db:	NVD	id:	CVE-2015-4245	date:	2015-07-21T14:59:00.080