CVE-2014-3315

medium

Description

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94430

http://www.securityfocus.com/bid/68477

http://tools.cisco.com/security/center/viewAlert.x?alertId=34900

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315

http://secunia.com/advisories/59739

Details

Source: Mitre, NVD

Published: 2014-07-10

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00357