CVE-2015-4292

{"id": "CVE-2015-4292", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-08-01T01:59:16.957", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40214", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1033172", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818."}, {"lang": "es", "value": "Vulnerabilidad XSS en la interfaz de administraci\u00f3n de Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2), permite a atacantes remotosinyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un valor no especificado, tambi\u00e9n conocida como Bug ID CSCuv45818."}], "lastModified": "2015-08-21T16:06:10.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_central_for_hosted_collaboration_solution_assurance:10.6\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE548CA-6AC1-4BD1-AAA9-5FC651DB0835"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}