Cross-Site Scripting Vulnerabilities in Cisco Emergency Responder
CVE-2016-1331

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Opensolaris
Vendor: CVE Published:; 15 February 2016

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in specific versions of Cisco Emergency Responder, allowing attackers to inject arbitrary web scripts or HTML through unspecified parameters. This can lead to unauthorized access and the execution of malicious scripts in the context of the victim's browser, which poses serious risks for users interacting with the vulnerable application.

References

http://www.securitytracker.com/id/1035012

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 15, 2016
Vulnerability Reserved
Jan 4, 2016