CVE-2014-2104: XSS
First published: Sun Mar 02 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Domain Manager | =9.0\(.1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2104?
CVE-2014-2104 has a high severity rating due to the potential for remote attackers to execute arbitrary scripts.
How do I fix CVE-2014-2104?
To fix CVE-2014-2104, it is recommended to apply the latest security patches released by Cisco for Unified Communications Domain Manager.
Which versions are affected by CVE-2014-2104?
CVE-2014-2104 affects Cisco Unified Communications Domain Manager version 9.0(.1).
What types of attacks are possible with CVE-2014-2104?
CVE-2014-2104 allows remote attackers to perform cross-site scripting (XSS) attacks, injecting arbitrary HTML or web scripts.
Is there an official mitigation strategy for CVE-2014-2104?
Yes, Cisco recommends upgrading to fixed software versions or applying listed workarounds in their security advisories to mitigate CVE-2014-2104.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/cisco
- canonical/cisco unified communications domain manager
- version/cisco unified communications domain manager/9.0\(.1\)