Cisco: >> Videoscape Distribution Suite Service Manager >> 3.3.0 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-10-05
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
CVSS Score
6.5
EPSS Score
0.001
Published
2015-12-12