Cross-Site Scripting Vulnerability in Cisco Transport Gateway
CVE-2016-6359

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Transport Gateway Installation Software
Vendor: CVE Published:; 22 August 2016

What is CVE-2016-6359?

A cross-site scripting (XSS) vulnerability exists in Cisco Transport Gateway Installation Software 4.1(4.0) that could allow a remote attacker to inject arbitrary web scripts or HTML through a crafted value. This can potentially lead to unauthorized actions performed in the context of a logged-in user, exposing sensitive information or triggering unintended actions. The vulnerability is associated with specific Bug IDs CSCva40650 and CSCva40817, emphasizing the need for immediate attention and patching to mitigate risks in Smart Call Home Transport Gateway devices.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/92516

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2016
Vulnerability Reserved
Jul 26, 2016