ID
VAR-201507-0536
CVE
CVE-2015-4249
TITLE
Cisco WebEx Meeting Center Vulnerable to cross-site scripting
Trust: 0.8
DESCRIPTION
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. Cisco WebEx Meeting Center Contains a cross-site scripting vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuv01955 It is released as.By a third party (1) GET Or (2) POST Via any unspecified parameters to the request Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuv01955. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | webex meeting center | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | webex meeting center | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | webex meeting center | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | 39782 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=39782 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-4249 | Trust: 2.8 |
| db: | JVNDB | id: | JVNDB-2015-003552 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201507-356 | Trust: 0.7 |
| db: | BID | id: | 75709 | Trust: 0.4 |
| db: | SECTRACK | id: | 1032862 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-82210 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=39782 | Trust: 0.9 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4249 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4249 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://www.webex.com/products/enterprise_meetings.html | Trust: 0.3 |
| url: | http://www.securitytracker.com/id/1032862 | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-82210 |
| db: | BID | id: | 75709 |
| db: | JVNDB | id: | JVNDB-2015-003552 |
| db: | CNNVD | id: | CNNVD-201507-356 |
| db: | NVD | id: | CVE-2015-4249 |
LAST UPDATE DATE
2024-08-14T14:52:19.453000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-82210 | date: | 2015-07-23T00:00:00 |
| db: | BID | id: | 75709 | date: | 2015-07-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-003552 | date: | 2015-07-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201507-356 | date: | 2015-07-14T00:00:00 |
| db: | NVD | id: | CVE-2015-4249 | date: | 2023-11-07T02:25:49.483 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-82210 | date: | 2015-07-13T00:00:00 |
| db: | BID | id: | 75709 | date: | 2015-07-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-003552 | date: | 2015-07-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201507-356 | date: | 2015-07-14T00:00:00 |
| db: | NVD | id: | CVE-2015-4249 | date: | 2015-07-13T10:59:00.077 |