Cross-Site Scripting Vulnerability in Cisco Context Directory Agent
CVE-2014-0652

Currently unrated

Key Information:

Vendor: Cisco
Status: Context Directory Agent
Vendor: CVE Published:; 8 January 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the Mappings page of Cisco Context Directory Agent (CDA), enabling remote attackers to inject arbitrary web scripts or HTML through crafted URLs. This vulnerability could potentially allow with improper validation of user input leading to harmful script execution in the victims' browsers, substantially raising the risk of information theft or session hijacking.

References

http://www.securityfocus.com/bid/64703

vdb-entryx_refsource_BID

http://osvdb.org/101803

vdb-entryx_refsource_OSVDB

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jan 8, 2014
Vulnerability Reserved
Jan 2, 2014