Cross-Site Scripting Vulnerabilities in Cisco Headend Digital Broadband Delivery System
CVE-2015-0724

Currently unrated

Key Information:

Vendor
Cisco
Status
Headend Digital Broadband Delivery System
Vendor
CVE Published:
15 May 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in dncs 7.0.0.12 within the Cisco Headend Digital Broadband Delivery System. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML code through unspecified parameters in both GET and POST requests. Successful exploitation of these vulnerabilities could allow attackers to execute malicious scripts in the context of a user's session, potentially compromising sensitive information.

References

http://www.securitytracker.com/id/1032304
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.