Cross-Site Scripting Vulnerabilities in Cisco Unified Customer Voice Portal
CVE-2014-3325

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Customer Voice Portal
Vendor: CVE Published:; 19 July 2014

Summary

The Cisco Unified Customer Voice Portal is affected by multiple cross-site scripting vulnerabilities that enable remote attackers to inject malicious web scripts or HTML through specially crafted parameters. Exploiting this vulnerability could allow an attacker to execute arbitrary code, potentially leading to data theft, session hijacking, or unauthorized access to sensitive information. The vulnerabilities are identified by Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733, which signify the various points of weakness within the product.

References

http://www.securityfocus.com/bid/68691

vdb-entryx_refsource_BID

http://secunia.com/advisories/60546

third-party-advisoryx_refsource_SECUNIA

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 19, 2014
Vulnerability Reserved
May 7, 2014