Vulnerability Details : CVE-2014-3367
Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2014-3367
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3367
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-3367
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3367
-
http://www.securitytracker.com/id/1030881
Cisco NX-OS Nexus 1000V Input Validation Hole Permits Cross-Site Scripting Attacks - SecurityTracker
-
http://www.securityfocus.com/bid/70010
Cisco Nexus 1000V CVE-2014-3367 Cross Site Scripting Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96126
Cisco Nexus 1000V cross-site scripting CVE-2014-3367 Vulnerability Report
-
http://secunia.com/advisories/61426
Sign in
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367
Cisco Nexus 1000V Cross-Site Scripting VulnerabilityVendor Advisory
Products affected by CVE-2014-3367
- cpe:2.3:a:cisco:cisco_nexus_1000v_intercloud:-:*:*:*:*:vmware:*:*