Sign-up

ID

VAR-201508-0126


CVE

CVE-2015-6255


TITLE

Cisco Unified Web and E-mail Interaction Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-004365

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuo89051 and CSCuq05830. Web Interaction Manager is a product that can help call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites

Trust: 1.98

sources: NVD: CVE-2015-6255 // JVNDB: JVNDB-2015-004365 // BID: 76406 // VULHUB: VHN-84216

AFFECTED PRODUCTS

vendor:ciscomodel:unified web and e-mail interaction managerscope:eqversion:9.0\(2\)

Trust: 1.6

vendor:ciscomodel:unified web and e-mail interaction managerscope:eqversion:9.0 (2)

Trust: 0.8

sources: JVNDB: JVNDB-2015-004365 // CNNVD: CNNVD-201508-431 // NVD: CVE-2015-6255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6255
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6255
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-431
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84216
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6255
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84216 // JVNDB: JVNDB-2015-004365 // CNNVD: CNNVD-201508-431 // NVD: CVE-2015-6255

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-84216 // JVNDB: JVNDB-2015-004365 // NVD: CVE-2015-6255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-431

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201508-431

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004365

PATCH
title:40555url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40555
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004365

EXTERNAL IDS
db:NVDid:CVE-2015-6255
Trust: 2.8
db:BIDid:76406
Trust: 1.4
db:SECTRACKid:1033330
Trust: 1.1
db:JVNDBid:JVNDB-2015-004365
Trust: 0.8
db:CNNVDid:CNNVD-201508-431
Trust: 0.7
db:VULHUBid:VHN-84216
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84216 // 
            
            
            
            BID: 76406 // 
            
            
            
            JVNDB: JVNDB-2015-004365 // 
            
            
            
            CNNVD: CNNVD-201508-431 // 
            
            
            
            NVD: CVE-2015-6255

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40555
Trust: 1.7
url:http://www.securityfocus.com/bid/76406
Trust: 1.1
url:http://www.securitytracker.com/id/1033330
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6255
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6255
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84216 // 
            
            
            
            BID: 76406 // 
            
            
            
            JVNDB: JVNDB-2015-004365 // 
            
            
            
            CNNVD: CNNVD-201508-431 // 
            
            
            
            NVD: CVE-2015-6255

CREDITS
Jakub Kaluzny of Securing.pl
Trust: 0.3
sources:
            
            
            BID: 76406

SOURCES
db:VULHUBid:VHN-84216
db:BIDid:76406
db:JVNDBid:JVNDB-2015-004365
db:CNNVDid:CNNVD-201508-431
db:NVDid:CVE-2015-6255

LAST UPDATE DATE
2025-04-13T23:41:20.469000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84216date:2017-01-04T00:00:00
db:BIDid:76406date:2015-12-07T22:26:00
db:JVNDBid:JVNDB-2015-004365date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-431date:2015-08-20T00:00:00
db:NVDid:CVE-2015-6255date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84216date:2015-08-19T00:00:00
db:BIDid:76406date:2015-08-18T00:00:00
db:JVNDBid:JVNDB-2015-004365date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-431date:2015-08-20T00:00:00
db:NVDid:CVE-2015-6255date:2015-08-19T15:59:10.853