ID

VAR-201602-0052


CVE

CVE-2016-1311


TITLE

Cisco Jabber Guest Server Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-001495

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuy08224.

Trust: 1.98

sources: NVD: CVE-2016-1311 // JVNDB: JVNDB-2016-001495 // BID: 82632 // VULHUB: VHN-90130

AFFECTED PRODUCTS

vendor: cisco, model: jabber guest, scope: eq, version: 10.6.8

Trust: 1.6

vendor: cisco, model: jabber guest, scope: eq, version: 10.6(8)

Trust: 0.8

sources: JVNDB: JVNDB-2016-001495 // CNNVD: CNNVD-201602-134 // NVD: CVE-2016-1311

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1311
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1311
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-134
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90130
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1311
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90130
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1311
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90130 // JVNDB: JVNDB-2016-001495 // CNNVD: CNNVD-201602-134 // NVD: CVE-2016-1311

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90130 // JVNDB: JVNDB-2016-001495 // NVD: CVE-2016-1311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-134

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-134

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001495

PATCH

title: cisco-sa-20160203-jgs, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs

Trust: 0.8

sources: JVNDB: JVNDB-2016-001495

EXTERNAL IDS

db: NVD, id: CVE-2016-1311

Trust: 2.8

db: SECTRACK, id: 1034936

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001495

Trust: 0.8

db: CNNVD, id: CNNVD-201602-134

Trust: 0.7

db: BID, id: 82632

Trust: 0.3

db: VULHUB, id: VHN-90130

Trust: 0.1

sources: VULHUB: VHN-90130 // BID: 82632 // JVNDB: JVNDB-2016-001495 // CNNVD: CNNVD-201602-134 // NVD: CVE-2016-1311

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160203-jgs

Trust: 2.0

url:http://www.securitytracker.com/id/1034936

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1311

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1311

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90130 // BID: 82632 // JVNDB: JVNDB-2016-001495 // CNNVD: CNNVD-201602-134 // NVD: CVE-2016-1311

CREDITS

Tom Donaldson

Trust: 0.3

sources: BID: 82632

SOURCES

db: VULHUB, id: VHN-90130
db: BID, id: 82632
db: JVNDB, id: JVNDB-2016-001495
db: CNNVD, id: CNNVD-201602-134
db: NVD, id: CVE-2016-1311

LAST UPDATE DATE

2025-04-13T23:26:39.646000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90130, date: 2016-12-06T00:00:00
db: BID, id: 82632, date: 2016-07-05T21:22:00
db: JVNDB, id: JVNDB-2016-001495, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-134, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1311, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90130, date: 2016-02-06T00:00:00
db: BID, id: 82632, date: 2016-02-03T00:00:00
db: JVNDB, id: JVNDB-2016-001495, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-134, date: 2016-02-14T00:00:00
db: NVD, id: CVE-2016-1311, date: 2016-02-06T05:59:05.417