Cross-Site Scripting Flaw in Cisco Social Miner WeChat Feature
CVE-2015-6356

Currently unrated

Key Information:

Vendor: Cisco
Status: Socialminer
Vendor: CVE Published:; 4 November 2015

Summary

A cross-site scripting vulnerability has been identified in the WeChat page of Cisco Social Miner, impacting version 10.0(1). This flaw allows remote attackers to inject arbitrary web scripts or HTML into the page through unspecified vectors, potentially compromising user data or system integrity. Mitigation is crucial to prevent exploitation that could lead to unauthorized actions performed on behalf of users.

References

http://www.securitytracker.com/id/1034048

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Nov 4, 2015
Vulnerability Reserved
Aug 17, 2015