cvelistv5 - cve-2014-3313

CVE-2014-3313 (GCVE-0-2014-3313)

Vulnerability from cvelistv5 – Published: 2014-07-09 10:00 – Updated: 2024-08-06 10:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/viewAlert.…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1030553	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/68464	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://secunia.com/advisories/59808	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
          },
          {
            "name": "1030553",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030553"
          },
          {
            "name": "68464",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68464"
          },
          {
            "name": "cisco-small-cve20143313-xss(94422)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
          },
          {
            "name": "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
          },
          {
            "name": "59808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59808"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
        },
        {
          "name": "1030553",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030553"
        },
        {
          "name": "68464",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68464"
        },
        {
          "name": "cisco-small-cve20143313-xss(94422)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
        },
        {
          "name": "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
        },
        {
          "name": "59808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59808"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
            },
            {
              "name": "1030553",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030553"
            },
            {
              "name": "68464",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68464"
            },
            {
              "name": "cisco-small-cve20143313-xss(94422)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
            },
            {
              "name": "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
            },
            {
              "name": "59808",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59808"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3313",
    "datePublished": "2014-07-09T10:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0730B450-BC83-4624-9F0C-4DBDB8EC2270\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF3EB07A-B4FB-4649-B8EF-10E642454126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"527E6A1C-A9AE-4AF3-8507-AC2A03924E7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD470FF7-2536-4438-8ABD-96CB2C3E75E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84F14F35-FB94-4EC7-B50C-2CA6DD03A703\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FA06FAB-9D59-40AD-8888-767D48B2DBCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F797658-737B-445F-AF43-E591231F1A64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71D77638-F36D-4FE7-871F-DB985DD82130\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A68F5658-F1EE-4AA5-A7E5-4FEAA73C0DA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEDD2219-75C0-4E70-9A32-761CAB513C4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CC94EC7-F454-4FAD-9E40-474A4D416F60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa901_1-line_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96E1F0C7-7BE9-45AA-90F1-FAE8EEC6BD8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA385D00-7BA4-4DFB-8E90-BCE67FCA500E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF945607-A3E5-4922-8841-E0893FCC5B18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20E21B6C-C0A1-4373-9994-BA708218E741\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F518B422-4AFD-49E5-9119-ED4DEEC50C5A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en la interfaz de usuario web en los tel\\u00e9fonos Cisco Small Business SPA300 y SPA500 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de una URL manipulada, tambi\\u00e9n conocido como Bug ID CSCuo52582.\"}]",
      "id": "CVE-2014-3313",
      "lastModified": "2024-11-21T02:07:50.797",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-07-09T11:07:01.540",
      "references": "[{\"url\": \"http://secunia.com/advisories/59808\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=34885\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/68464\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1030553\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/94422\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/59808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=34885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/68464\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1030553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/94422\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3313\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-07-09T11:07:01.540\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en la interfaz de usuario web en los tel\u00e9fonos Cisco Small Business SPA300 y SPA500 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCuo52582.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0730B450-BC83-4624-9F0C-4DBDB8EC2270\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EB07A-B4FB-4649-B8EF-10E642454126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"527E6A1C-A9AE-4AF3-8507-AC2A03924E7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD470FF7-2536-4438-8ABD-96CB2C3E75E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84F14F35-FB94-4EC7-B50C-2CA6DD03A703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FA06FAB-9D59-40AD-8888-767D48B2DBCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F797658-737B-445F-AF43-E591231F1A64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D77638-F36D-4FE7-871F-DB985DD82130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A68F5658-F1EE-4AA5-A7E5-4FEAA73C0DA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEDD2219-75C0-4E70-9A32-761CAB513C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CC94EC7-F454-4FAD-9E40-474A4D416F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa901_1-line_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96E1F0C7-7BE9-45AA-90F1-FAE8EEC6BD8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA385D00-7BA4-4DFB-8E90-BCE67FCA500E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF945607-A3E5-4922-8841-E0893FCC5B18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E21B6C-C0A1-4373-9994-BA708218E741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F518B422-4AFD-49E5-9119-ED4DEEC50C5A\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/59808\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=34885\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68464\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1030553\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/94422\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/59808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=34885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/94422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-P26P-CPC6-VCR8

Vulnerability from github – Published: 2022-05-17 01:25 – Updated: 2022-05-17 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-09T11:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.",
  "id": "GHSA-p26p-cpc6-vcr8",
  "modified": "2022-05-17T01:25:08Z",
  "published": "2022-05-17T01:25:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3313"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59808"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/68464"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030553"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201407-0377

Vulnerability from variot - Updated: 2023-12-18 12:57

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582. The Cisco Small Businsess SPA300 and SPA500 Series IP Phones WEB interfaces fail to adequately filter user input, and remote attackers exploit vulnerabilities to build malicious URIs, entice users to resolve, obtain sensitive cookies, hijack sessions, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuo52582

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0377",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa 512g 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa962 6-line ip phone with 2-port switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 303 3 line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa942 4-line ip phone with 2-port switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa922 1-line ip phone with 1-port ethernet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa901 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa941 4-line ip phone with 1-port ethernet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 525g2 5-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 301 1 line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 525g 5-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 514g 4-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 301 1-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.5)"
      },
      {
        "model": "spa 303 3-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.5)"
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 512g 1-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 514g 4-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 525g 5-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "spa 525g2 5-line ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware  7.5(.4)"
      },
      {
        "model": "small business spa series ip phones",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "500"
      },
      {
        "model": "small business spa series ip phones",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "spa 512g 1-line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 303 3 line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 301 1 line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa962 6-line ip phone with 2-port switch",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa942 4-line ip phone with 2-port switch",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa901_1-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "68464"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3313",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3313",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-04222",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-71253",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3313",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-04222",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-233",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71253",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582. The Cisco Small Businsess SPA300 and SPA500 Series IP Phones WEB interfaces fail to adequately filter user input, and remote attackers exploit vulnerabilities to build malicious URIs, entice users to resolve, obtain sensitive cookies, hijack sessions, or perform malicious operations on the client. \nAn attacker may leverage this issue to execute arbitrary script code  in the browser of an unsuspecting user in the context of the affected  site. This can allow the attacker to steal cookie-based authentication  credentials and launch other attacks. \nThis issue is being tracked by Cisco Bug ID CSCuo52582",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "BID",
        "id": "68464"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3313",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "68464",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1030553",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59808",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "db": "BID",
        "id": "68464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "id": "VAR-201407-0377",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:56.905000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3313"
      },
      {
        "title": "34885",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34885"
      },
      {
        "title": "Cisco Series IP Phones have patches for unidentified cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/47371"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3313"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/68464"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34885"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030553"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59808"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3313"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3313"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "db": "BID",
        "id": "68464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "db": "BID",
        "id": "68464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "date": "2014-07-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "date": "2014-07-08T00:00:00",
        "db": "BID",
        "id": "68464"
      },
      {
        "date": "2014-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "date": "2014-07-09T11:07:01.540000",
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "date": "2014-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-04222"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71253"
      },
      {
        "date": "2014-07-08T00:00:00",
        "db": "BID",
        "id": "68464"
      },
      {
        "date": "2014-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      },
      {
        "date": "2017-08-29T01:34:41.717000",
        "db": "NVD",
        "id": "CVE-2014-3313"
      },
      {
        "date": "2014-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Small Business SPA300 and  SPA500 Series  IP phone of  Web Cross-site scripting vulnerability in user interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003295"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-233"
      }
    ],
    "trust": 0.6
  }
}

GSD-2014-3313

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3313

Aliases

CVE-2014-3313

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3313",
    "description": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.",
    "id": "GSD-2014-3313"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3313"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.",
      "id": "GSD-2014-3313",
      "modified": "2023-12-13T01:22:53.925106Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-3313",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
          },
          {
            "name": "1030553",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030553"
          },
          {
            "name": "68464",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/68464"
          },
          {
            "name": "cisco-small-cve20143313-xss(94422)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
          },
          {
            "name": "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
          },
          {
            "name": "59808",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59808"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa901_1-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3313"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
            },
            {
              "name": "68464",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/68464"
            },
            {
              "name": "1030553",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030553"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
            },
            {
              "name": "59808",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59808"
            },
            {
              "name": "cisco-small-cve20143313-xss(94422)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-07-09T11:07Z"
    }
  }
}

FKIE_CVE-2014-3313

Vulnerability from fkie_nvd - Published: 2014-07-09 11:07 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/59808
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313	Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=34885	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/68464
psirt@cisco.com	http://www.securitytracker.com/id/1030553
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/94422
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59808
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=34885	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68464
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030553
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/94422

Impacted products

Vendor	Product	Version
cisco	spa_301_1_line_ip_phone	*
cisco	spa_303_3_line_ip_phone	*
cisco	spa_501g_8-line_ip_phone	*
cisco	spa_502g_1-line_ip_phone	*
cisco	spa_504g_4-line_ip_phone	*
cisco	spa_508g_8-line_ip_phone	*
cisco	spa_509g_12-line_ip_phone	*
cisco	spa_512g_1-line_ip_phone	*
cisco	spa_514g_4-line_ip_phone	*
cisco	spa_525g_5-line_ip_phone	*
cisco	spa_525g2_5-line_ip_phone	*
cisco	spa901_1-line_ip_phone	*
cisco	spa922_1-line_ip_phone_with_1-port_ethernet	*
cisco	spa941_4-line_ip_phone_with_1-port_ethernet	*
cisco	spa942_4-line_ip_phone_with_2-port_switch	*
cisco	spa962_6-line_ip_phone_with_2-port_switch	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0730B450-BC83-4624-9F0C-4DBDB8EC2270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EB07A-B4FB-4649-B8EF-10E642454126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "527E6A1C-A9AE-4AF3-8507-AC2A03924E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD470FF7-2536-4438-8ABD-96CB2C3E75E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F14F35-FB94-4EC7-B50C-2CA6DD03A703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA06FAB-9D59-40AD-8888-767D48B2DBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F797658-737B-445F-AF43-E591231F1A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D77638-F36D-4FE7-871F-DB985DD82130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68F5658-F1EE-4AA5-A7E5-4FEAA73C0DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDD2219-75C0-4E70-9A32-761CAB513C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CC94EC7-F454-4FAD-9E40-474A4D416F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa901_1-line_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E1F0C7-7BE9-45AA-90F1-FAE8EEC6BD8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA385D00-7BA4-4DFB-8E90-BCE67FCA500E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF945607-A3E5-4922-8841-E0893FCC5B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E21B6C-C0A1-4373-9994-BA708218E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F518B422-4AFD-49E5-9119-ED4DEEC50C5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la interfaz de usuario web en los tel\u00e9fonos Cisco Small Business SPA300 y SPA500 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCuo52582."
    }
  ],
  "id": "CVE-2014-3313",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-09T11:07:01.540",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/59808"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/68464"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1030553"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3313 (GCVE-0-2014-3313)

GHSA-P26P-CPC6-VCR8

VAR-201407-0377

GSD-2014-3313

FKIE_CVE-2014-3313

Tags

Sightings

Nomenclature