1. Home
  2. CVE Database
  3. CVE-2014-3344
MEDIUM · 4.3

CVE-2014-3344

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attacke...

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
CiscoTransport Gateway Installation Software4.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2014-3344?

CVE-2014-3344 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attacke...

How severe is CVE-2014-3344?

CVE-2014-3344 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3344?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Transport Gateway Installation Software.