Details of VAR-201507-0535

ID

VAR-201507-0535

CVE

CVE-2015-4247

TITLE

Cisco WebEx Meeting Center admin site Component Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201507-695

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. Cisco WebEx Meeting Center is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv01971. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 1.26

sources: NVD: CVE-2015-4247 // BID: 75957 // VULHUB: VHN-82208

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meeting center	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 75957 // CNNVD: CNNVD-201507-695

CVSS

SEVERITY

CVSSV2

CVSSV3

CNNVD:	CNNVD-201507-695
value:	MEDIUM
Trust: 0.6

sources: CNNVD: CNNVD-201507-695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-695

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-695

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4247	Trust: 2.0
db:	CNNVD	id:	CNNVD-201507-695	Trust: 0.7
db:	NSFOCUS	id:	30492	Trust: 0.6
db:	BID	id:	75957	Trust: 0.4
db:	VULHUB	id:	VHN-82208	Trust: 0.1

sources: VULHUB: VHN-82208 // BID: 75957 // CNNVD: CNNVD-201507-695 // NVD: CVE-2015-4247

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39756	Trust: 1.0
url:	http://www.nsfocus.net/vulndb/30492	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.4
url:	http://www.webex.com/products/enterprise_meetings.html	Trust: 0.4

sources: VULHUB: VHN-82208 // BID: 75957 // CNNVD: CNNVD-201507-695

CREDITS

Cisco

Trust: 0.3

sources: BID: 75957

SOURCES

db:	VULHUB	id:	VHN-82208
db:	BID	id:	75957
db:	CNNVD	id:	CNNVD-201507-695
db:	NVD	id:	CVE-2015-4247

LAST UPDATE DATE

2024-08-14T14:20:54.512000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82208	date:	2015-07-23T00:00:00
db:	BID	id:	75957	date:	2015-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201507-695	date:	2015-07-22T00:00:00
db:	NVD	id:	CVE-2015-4247	date:	2023-11-07T02:25:48.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82208	date:	2015-07-21T00:00:00
db:	BID	id:	75957	date:	2015-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201507-695	date:	2015-07-22T00:00:00
db:	NVD	id:	CVE-2015-4247	date:	2015-07-21T14:59:02.893