Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence Server Software | 3.0\(2.24\) |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/60456
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35031Vendor Advisory
- http://www.securityfocus.com/bid/68885Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030640Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94847
- http://secunia.com/advisories/60456
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35031Vendor Advisory
- http://www.securityfocus.com/bid/68885Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030640Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94847
FAQ
What is CVE-2014-3324?
CVE-2014-3324 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web ...
How severe is CVE-2014-3324?
CVE-2014-3324 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3324?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Server Software.