Skip to main content

Socialminer CVE-2019-1668

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-01-24 psirt@cisco.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 24, 2019 - 16:29 nvd
MEDIUM 6.1

DescriptionNVD

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

AnalysisAI

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Affected products include: Cisco Socialminer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-12337 CRITICAL
9.8 Nov 16

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw

CVE-2017-12216 HIGH
8.8 Sep 07

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to

CVE-2017-6702 MEDIUM
6.1 Jul 04

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a c

CVE-2018-15435 MEDIUM
6.1 Oct 17

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attack

CVE-2025-20278 MEDIUM
6.0 Jun 04

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacke

CVE-2018-0290 MEDIUM
5.3 May 17

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial

CVE-2013-5489 MEDIUM
5.0 Sep 13

The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remo

CVE-2013-5492 MEDIUM
5.0 Sep 13

administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network

CVE-2013-5483 MEDIUM
4.3 Sep 08

Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbit

CVE-2015-6356 MEDIUM
4.3 Nov 04

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inj

CVE-2025-20129 MEDIUM
4.3 Jun 04

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMin

Share

CVE-2019-1668 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy