Multiple Cross-Site Scripting Vulnerabilities in Cisco Transport Gateway
CVE-2014-3344

Currently unrated

Key Information:

Vendor: Cisco
Status: Transport Gateway Installation Software
Vendor: CVE Published:; 28 August 2014

What is CVE-2014-3344?

Several cross-site scripting vulnerabilities exist in the web framework of Cisco's Transport Gateway for Smart Call Home. These flaws allow remote attackers to inject arbitrary web scripts or HTML code through specific parameters, enabling them to manipulate browser sessions or compromise user data. Organizations using the impacted versions are urged to implement security measures to mitigate potential exploits.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/60278

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1030760

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2014
Vulnerability Reserved
May 7, 2014