var-201206-0042
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. plural Cisco Product SIP An implementation of contains a cross-site scripting vulnerability. The problem is Bug ID CSCtr27277 , CSCtr27256 , CSCtr27274 ,and CSCtr14715 It is a problem.By a third party INVITE Message FROM Any through the field Web Script or HTML May be inserted. Cisco Small Business Voice Gateways and ATAs and Cisco Small Business SPA 500 Series IP Phones are Cisco's IP telephony solutions. Due to the lack of adequate filtering of user input to the SIP INVITE message FROM field (especially the Display Name and User ID parameters), an unverified remote attacker can send a specially crafted SIP INVITE message to entice the user to access the affected device call log WEB page when malicious When a message is processed by an affected device, the application returns a response containing the malicious code provided by the attacker to the user and causes the malicious code to execute on the target user's browser. is prone to a cross-site scripting vulnerability. Also known as Bug IDs CSCtr27277, CSCtr27256, CSCtr27274 and CSCtr14715
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa 500 series ip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "spa 500 series ip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.4.6"
},
{
"model": "spa 500 series ip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.4.7"
},
{
"model": "spa3102 voice gateway with router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1.7"
},
{
"model": "spa 500 series ip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.4.4"
},
{
"model": "spa 500 series ip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.4.3"
},
{
"model": "spa3102 voice gateway with router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.3.6"
},
{
"model": "spa8000 8-port ip telephony gateway",
"scope": "lt",
"trust": 1.4,
"vendor": "cisco",
"version": "6.1.11"
},
{
"model": "spa8800 ip telephony gateway",
"scope": "lt",
"trust": 1.4,
"vendor": "cisco",
"version": "6.1.11"
},
{
"model": "spa2102 phone adapter with router",
"scope": "lt",
"trust": 1.4,
"vendor": "cisco",
"version": "5.2.13"
},
{
"model": "spa3102 voice gateway with router",
"scope": "lt",
"trust": 1.4,
"vendor": "cisco",
"version": "5.2.13"
},
{
"model": "spa2102 phone adapter with router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "spa 502g 1-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 508g 8-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 525g 5-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa8000 8-port ip telephony gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.10"
},
{
"model": "spa2102 phone adapter with router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.12"
},
{
"model": "spa 509g 12-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 504g 4-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa8000 8-port ip telephony gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1.12"
},
{
"model": "spa 501g 8-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 512g 1-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa8800 ip telephony gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "spa8000 8-port ip telephony gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "spa8800 8-port ip telephony gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.7"
},
{
"model": "spa2102 phone adapter with router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.5"
},
{
"model": "spa3102 voice gateway with router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1.10"
},
{
"model": "spa 525g2 5-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa8000 8-port ip telephony gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "spa 500 series ip phone",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4.8"
},
{
"model": "spa 514g 4-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa2102 phone adapter with router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.10"
},
{
"model": "spa2102 phone adapter with router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.3"
},
{
"model": "spa3102 voice gateway with router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa500 series ip phone",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.4.9"
},
{
"model": "spa 501g 8-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 502g 1-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 504g 4-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 508g 8-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 509g 12-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 512g 1-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 514g 4-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 525g 5-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 525g2 5-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa2102 phone adapter with router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa3102 voice gateway with router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa8000 8-port ip telephony gateway",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa8800 ip telephony gateway",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa series ip phones",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500\u003c7.4.9"
},
{
"model": "spa 500 series ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.4.8"
},
{
"model": "spa2102 phone adapter with router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2.12"
},
{
"model": "spa3102 voice gateway with router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.1.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:6.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:5.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa8000_8-port_ip_telephony_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa8800_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa8800_ip_telephony_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa2102_phone_adapter_with_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:3.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:5.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa3102_voice_gateway_with_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.4.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2545"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73800"
}
],
"trust": 0.3
},
"cve": "CVE-2011-2545",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-2545",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-50490",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2545",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-195",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-50490",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50490"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. plural Cisco Product SIP An implementation of contains a cross-site scripting vulnerability. The problem is Bug ID CSCtr27277 , CSCtr27256 , CSCtr27274 ,and CSCtr14715 It is a problem.By a third party INVITE Message FROM Any through the field Web Script or HTML May be inserted. Cisco Small Business Voice Gateways and ATAs and Cisco Small Business SPA 500 Series IP Phones are Cisco\u0027s IP telephony solutions. Due to the lack of adequate filtering of user input to the SIP INVITE message FROM field (especially the Display Name and User ID parameters), an unverified remote attacker can send a specially crafted SIP INVITE message to entice the user to access the affected device call log WEB page when malicious When a message is processed by an affected device, the application returns a response containing the malicious code provided by the attacker to the user and causes the malicious code to execute on the target user\u0027s browser. is prone to a cross-site scripting vulnerability. Also known as Bug IDs CSCtr27277, CSCtr27256, CSCtr27274 and CSCtr14715",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "BID",
"id": "73800"
},
{
"db": "VULHUB",
"id": "VHN-50490"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2545",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201206-195",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-3171",
"trust": 0.6
},
{
"db": "BID",
"id": "73800",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-50490",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "VULHUB",
"id": "VHN-50490"
},
{
"db": "BID",
"id": "73800"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"id": "VAR-201206-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "VULHUB",
"id": "VHN-50490"
}
],
"trust": 1.3924603333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
}
]
},
"last_update_date": "2023-12-18T13:20:14.478000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "26037",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26037"
},
{
"title": "Patch for Cisco Small Business Device Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50490"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "NVD",
"id": "CVE-2011-2545"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26037"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2545"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2545"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "VULHUB",
"id": "VHN-50490"
},
{
"db": "BID",
"id": "73800"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"db": "VULHUB",
"id": "VHN-50490"
},
{
"db": "BID",
"id": "73800"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"date": "2012-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-50490"
},
{
"date": "2012-06-13T00:00:00",
"db": "BID",
"id": "73800"
},
{
"date": "2012-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"date": "2012-06-13T20:55:01.707000",
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"date": "2012-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3171"
},
{
"date": "2012-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-50490"
},
{
"date": "2012-06-13T00:00:00",
"db": "BID",
"id": "73800"
},
{
"date": "2012-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002724"
},
{
"date": "2012-06-14T04:00:00",
"db": "NVD",
"id": "CVE-2011-2545"
},
{
"date": "2012-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Product SIP Implementation of cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-195"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.