CVE-2014-3266

Cisco Security Manager < 4.6 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.

References (4)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3266

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=34340

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67569

[Third Party Advisory] http://secunia.com/advisories/58923

Scores

EPSS 0.0031

EPSS Percentile 53.9%

Details

CWE

CWE-79

Status published

Products (19)

cisco/security_manager < 4.6

cisco/security_manager

... and 9 more

Published May 26, 2014

Tracked Since Feb 18, 2026