4.3
CVE-2012-3047
- EPSS 0.26%
- Veröffentlicht 10.12.2013 19:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Scientific Atlanta Dpc2420 Version-
Cisco ≫ Scientific Atlanta Dpc3825 Version-
Cisco ≫ Scientific Atlanta Dpc3925 Version-
Cisco ≫ Scientific Atlanta Dpq2202 Version-
Cisco ≫ Scientific Atlanta Dpq2425 Version-
Cisco ≫ Scientific Atlanta Dpq3212 Version-
Cisco ≫ Scientific Atlanta Dpq3925 Version-
Cisco ≫ Scientific Atlanta Dpr362 Version-
Cisco ≫ Scientific Atlanta Dpw700 Version-
Cisco ≫ Scientific Atlanta Dpw730 Version-
Cisco ≫ Scientific Atlanta Dpw939 Version-
Cisco ≫ Scientific Atlanta Dpw941 Version-
Cisco ≫ Scientific Atlanta Dpx110 Version-
Cisco ≫ Scientific Atlanta Dpx130 Version-
Cisco ≫ Scientific Atlanta Dpx213 Version-
Cisco ≫ Scientific Atlanta Dpx2213 Version-
Cisco ≫ Scientific Atlanta Epc2420 Version-
Cisco ≫ Scientific Atlanta Epc3825 Version-
Cisco ≫ Scientific Atlanta Epc3925 Version-
Cisco ≫ Scientific Atlanta Wag310g Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.467 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.