CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0655
https://notcve.org/view.php?id=CVE-2015-0655
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. Vulnerabilidad de XSS en Unified Web Interaction Manager en Cisco Unified Web y E-Mail Interaction Manager permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores relacionados con una solicitud POST, también conocido como Bug ID CSCus74184. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0655 http://www.securityfocus.com/bid/72824 http://www.securitytracker.com/id/1031820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2192
https://notcve.org/view.php?id=CVE-2014-2192
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033. Vulnerabilidad de XSS en Cisco Unified Web and E-mail Interaction Manager 9.0(2) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCuj43033. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2192 http://tools.cisco.com/security/center/viewAlert.x?alertId=34269 http://www.securityfocus.com/bid/67464 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2193
https://notcve.org/view.php?id=CVE-2014-2193
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084. Cisco Unified Web and E-Mail Interaction Manager coloca identificadores de sesión en solicitudes GET, lo que permite a atacantes remotos inyectar texto de conversación mediante la obtención de un identificador válido, también conocido como Bug ID CSCuj43084. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2193 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2194
https://notcve.org/view.php?id=CVE-2014-2194
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. system/egain/chat/entrypoint en Cisco Unified Web and E-mail Interaction Manager 9.0(2) permite a atacantes remotos tener un impacto no especificado mediante la inyección de una entidad externa XML falsificada. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2194 http://tools.cisco.com/security/center/viewAlert.x?alertId=34270 • CWE-20: Improper Input Validation •