ID

VAR-201512-0391


CVE

CVE-2015-6416


TITLE

Cisco Unified Email Interaction Manager and Unified Web Interaction Manager vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-006396

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuw24479.

Trust: 1.98

sources: NVD: CVE-2015-6416 // JVNDB: JVNDB-2015-006396 // BID: 79034 // VULHUB: VHN-84377

AFFECTED PRODUCTS

vendor: cisco, model: unified web and e-mail interaction manager, scope: eq, version: 11.0\(1\)

Trust: 1.6

vendor: cisco, model: unified web and e-mail interaction manager, scope: eq, version: 11.0(1)

Trust: 1.1

sources: BID: 79034 // JVNDB: JVNDB-2015-006396 // CNNVD: CNNVD-201512-405 // NVD: CVE-2015-6416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6416
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6416
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-405
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84377
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6416
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84377
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84377 // JVNDB: JVNDB-2015-006396 // CNNVD: CNNVD-201512-405 // NVD: CVE-2015-6416

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-84377 // JVNDB: JVNDB-2015-006396 // NVD: CVE-2015-6416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-405

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201512-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006396

PATCH

title: cisco-sa-20151210-uim, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim

Trust: 0.8

title: Cisco Unified Email Interaction Manager and Unified Web Interaction Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59218

Trust: 0.6

sources: JVNDB: JVNDB-2015-006396 // CNNVD: CNNVD-201512-405

EXTERNAL IDS

db: NVD, id: CVE-2015-6416

Trust: 2.8

db: BID, id: 79034

Trust: 1.4

db: SECTRACK, id: 1034382

Trust: 1.1

db: JVNDB, id: JVNDB-2015-006396

Trust: 0.8

db: CNNVD, id: CNNVD-201512-405

Trust: 0.7

db: VULHUB, id: VHN-84377

Trust: 0.1

sources: VULHUB: VHN-84377 // BID: 79034 // JVNDB: JVNDB-2015-006396 // CNNVD: CNNVD-201512-405 // NVD: CVE-2015-6416

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-uim

Trust: 2.0

url:http://www.securityfocus.com/bid/79034

Trust: 1.1

url:http://www.securitytracker.com/id/1034382

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6416

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6416

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-84377 // BID: 79034 // JVNDB: JVNDB-2015-006396 // CNNVD: CNNVD-201512-405 // NVD: CVE-2015-6416

CREDITS

Cisco

Trust: 0.3

sources: BID: 79034

SOURCES

db: VULHUB, id: VHN-84377
db: BID, id: 79034
db: JVNDB, id: JVNDB-2015-006396
db: CNNVD, id: CNNVD-201512-405
db: NVD, id: CVE-2015-6416

LAST UPDATE DATE

2025-04-13T23:29:31.167000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84377, date: 2016-12-07T00:00:00
db: BID, id: 79034, date: 2015-12-10T00:00:00
db: JVNDB, id: JVNDB-2015-006396, date: 2015-12-16T00:00:00
db: CNNVD, id: CNNVD-201512-405, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-6416, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84377, date: 2015-12-14T00:00:00
db: BID, id: 79034, date: 2015-12-10T00:00:00
db: JVNDB, id: JVNDB-2015-006396, date: 2015-12-16T00:00:00
db: CNNVD, id: CNNVD-201512-405, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-6416, date: 2015-12-14T03:59:05.030