3.5
CVE-2008-4542
- EPSS 1.02%
- Veröffentlicht 13.10.2008 20:00:02
- Zuletzt bearbeitet 16.06.2026 22:58:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.02% | 0.588 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
http://www.securityfocus.com/bid/31642
http://www.vupen.com/english/advisories/2008/2771
http://secunia.com/advisories/32207
http://securitytracker.com/id?1021012
http://www.voipshield.com/research-details.php?id=127
https://exchange.xforce.ibmcloud.com/vulnerabilities/45744