Skip to main content

Prime Collaboration Provisioning CVE-2016-6451

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-11-03 psirt@cisco.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 03, 2016 - 21:59 cve.org
MEDIUM 6.1

DescriptionCVE.org

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6.

AnalysisAI

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. Affected products include: Cisco Prime Collaboration Provisioning.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-6622 CRITICAL POC
9.8 May 18

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote a

CVE-2016-1416 CRITICAL
9.8 Jul 02

Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote a

CVE-2018-0321 CRITICAL
9.8 Jun 07

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to acces

CVE-2018-0320 CRITICAL
9.8 Jun 07

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated

CVE-2018-0319 CRITICAL
9.8 Jun 07

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthe

CVE-2018-0318 CRITICAL
9.8 Jun 07

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenti

CVE-2015-4307 CRITICAL
9.0 Sep 20

The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass inte

CVE-2017-6756 HIGH
8.8 Aug 07

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an

CVE-2018-0322 HIGH
8.8 Jun 07

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authentic

CVE-2018-0317 HIGH
8.8 Jun 07

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remot

CVE-2018-0141 HIGH
8.4 Mar 08

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local atta

CVE-2017-6621 HIGH
7.5 May 18

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote at

Share

CVE-2016-6451 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy