ID

VAR-201710-0647


CVE

CVE-2017-12269


TITLE

Cisco Spark vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-008608

DESCRIPTION

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592. The vendor has confirmed this vulnerability and released it as Bug IDs CSCvf70587 and CSCvf70592. Information may be obtained and information may be altered. Other attacks are also possible. By providing a virtual space, the solution allows teams at any location to work together, call and video, discuss issues, store team files and documents, etc.

Trust: 1.98

sources: NVD: CVE-2017-12269 // JVNDB: JVNDB-2017-008608 // BID: 101150 // VULHUB: VHN-102774

AFFECTED PRODUCTS

vendor: cisco, model: spark, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: spark, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spark, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: conference director series, scope: eq, version: 0

Trust: 0.3

sources: BID: 101150 // JVNDB: JVNDB-2017-008608 // CNNVD: CNNVD-201710-049 // NVD: CVE-2017-12269

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-12269
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12269
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-049
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102774
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-12269
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102774
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-12269
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102774 // JVNDB: JVNDB-2017-008608 // CNNVD: CNNVD-201710-049 // NVD: CVE-2017-12269

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-102774 // JVNDB: JVNDB-2017-008608 // NVD: CVE-2017-12269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-049

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008608

PATCH

title: cisco-sa-20171004-sprk
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprk

Trust: 0.8

title: Cisco Spark Messaging Software Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75267

Trust: 0.6

sources: JVNDB: JVNDB-2017-008608 // CNNVD: CNNVD-201710-049

EXTERNAL IDS

db: NVD, id: CVE-2017-12269

Trust: 2.8

db: BID, id: 101150

Trust: 2.0

db: JVNDB, id: JVNDB-2017-008608

Trust: 0.8

db: CNNVD, id: CNNVD-201710-049

Trust: 0.7

db: VULHUB, id: VHN-102774

Trust: 0.1

sources: VULHUB: VHN-102774 // BID: 101150 // JVNDB: JVNDB-2017-008608 // CNNVD: CNNVD-201710-049 // NVD: CVE-2017-12269

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171004-sprk

Trust: 2.0

url:http://www.securityfocus.com/bid/101150

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12269

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12269

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102774 // BID: 101150 // JVNDB: JVNDB-2017-008608 // CNNVD: CNNVD-201710-049 // NVD: CVE-2017-12269

CREDITS

James Schwinabart of Qualcomm Technologies, Inc.

Trust: 0.3

sources: BID: 101150

SOURCES

db: VULHUB, id: VHN-102774
db: BID, id: 101150
db: JVNDB, id: JVNDB-2017-008608
db: CNNVD, id: CNNVD-201710-049
db: NVD, id: CVE-2017-12269

LAST UPDATE DATE

2025-04-20T23:37:48.035000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102774, date: 2019-10-09T00:00:00
db: BID, id: 101150, date: 2017-10-10T00:00:00
db: JVNDB, id: JVNDB-2017-008608, date: 2017-10-24T00:00:00
db: CNNVD, id: CNNVD-201710-049, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12269, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102774, date: 2017-10-05T00:00:00
db: BID, id: 101150, date: 2017-10-10T00:00:00
db: JVNDB, id: JVNDB-2017-008608, date: 2017-10-24T00:00:00
db: CNNVD, id: CNNVD-201710-049, date: 2017-10-10T00:00:00
db: NVD, id: CVE-2017-12269, date: 2017-10-05T07:29:00.747