CVE-2015-0623

{"id": "CVE-2015-0623", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-02-19T00:59:01.227", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0623", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la p\u00e1gina de informes de administradores en los dispositivos Cisco Web Security Appliance (WSA) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCus40627."}], "lastModified": "2015-02-19T20:00:14.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}