Vulnerability-Lookup

CVE-2008-4542 (GCVE-0-2008-4542)

Vulnerability from cvelistv5 – Published: 2008-10-13 18:00 – Updated: 2024-08-07 10:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.voipshield.com/research-details.php?id=127	x_refsource_MISC
	http://www.securityfocus.com/bid/31642	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1021012	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/32207	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2771	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:17:09.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-unityserver-stored-data-xss(45744)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.voipshield.com/research-details.php?id=127"
          },
          {
            "name": "31642",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31642"
          },
          {
            "name": "1021012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021012"
          },
          {
            "name": "32207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32207"
          },
          {
            "name": "ADV-2008-2771",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2771"
          },
          {
            "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cisco-unityserver-stored-data-xss(45744)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.voipshield.com/research-details.php?id=127"
        },
        {
          "name": "31642",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31642"
        },
        {
          "name": "1021012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021012"
        },
        {
          "name": "32207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32207"
        },
        {
          "name": "ADV-2008-2771",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2771"
        },
        {
          "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-unityserver-stored-data-xss(45744)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
            },
            {
              "name": "http://www.voipshield.com/research-details.php?id=127",
              "refsource": "MISC",
              "url": "http://www.voipshield.com/research-details.php?id=127"
            },
            {
              "name": "31642",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31642"
            },
            {
              "name": "1021012",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021012"
            },
            {
              "name": "32207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32207"
            },
            {
              "name": "ADV-2008-2771",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2771"
            },
            {
              "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4542",
    "datePublished": "2008-10-13T18:00:00",
    "dateReserved": "2008-10-13T00:00:00",
    "dateUpdated": "2024-08-07T10:17:09.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4542\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-10-13T20:00:02.340\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cisco Unity 4.x anteriores a v4.2(1)ES162, 5.x anteriores a v5.0(1)ES56, y 7.x anteriores a v7.0(2)ES8, que permite a los administradores autenticados remotos inyectar una secuencia de comandos web o HTML arbitrarios meti\u00e9ndolos en la base de datos (tambi\u00e9n conocida como almac\u00e9n de datos).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2\\\\(1\\\\)\",\"matchCriteriaId\":\"E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0\\\\(1\\\\)\",\"matchCriteriaId\":\"FDD69DB2-FD94-403D-BD18-A25FD470C817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0\\\\(2\\\\)\",\"matchCriteriaId\":\"049041BD-EBC5-4971-BD51-DD63EFB2F430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7069DF8-3006-4651-816A-855C980256FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDE9975D-17B0-4EC8-8278-A715F4BF14F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9555A7EC-C0B6-4F48-99BE-BCE51446CF47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(3\\\\):sr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6871C23B-9B4F-4621-A1C9-55D040558610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A164F687-98DB-409D-A9C4-D04ECF6DD53F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(4\\\\):sr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"255CAB12-EE1D-4DC3-B854-E0D645F4C9B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B746D68B-C6A4-494C-9302-F4652E1E2A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DAD5D8-6882-48FE-AE7A-9440F47F6C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EED32D3-A1C5-430C-8488-4D221196CB76\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/32207\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021012\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31642\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=127\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2771\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45744\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-4542

Vulnerability from fkie_nvd - Published: 2008-10-13 20:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/32207	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1021012
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/31642
cve@mitre.org	http://www.voipshield.com/research-details.php?id=127
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2771
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45744
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32207	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021012
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31642
af854a3a-2127-422b-91ae-364da2661108	http://www.voipshield.com/research-details.php?id=127
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2771
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45744

Impacted products

Vendor	Product	Version
cisco	unity	*
cisco	unity	*
cisco	unity	*
cisco	unity	4.0
cisco	unity	4.0\(1\)
cisco	unity	4.0\(2\)
cisco	unity	4.0\(3\)
cisco	unity	4.0\(3\)
cisco	unity	4.0\(4\)
cisco	unity	4.0\(4\)
cisco	unity	4.0\(5\)
cisco	unity	4.1\(1\)
cisco	unity	5.0
cisco	unity	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B",
              "versionEndIncluding": "4.2\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD69DB2-FD94-403D-BD18-A25FD470C817",
              "versionEndIncluding": "5.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "049041BD-EBC5-4971-BD51-DD63EFB2F430",
              "versionEndIncluding": "7.0\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7069DF8-3006-4651-816A-855C980256FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE9975D-17B0-4EC8-8278-A715F4BF14F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9555A7EC-C0B6-4F48-99BE-BCE51446CF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*",
              "matchCriteriaId": "6871C23B-9B4F-4621-A1C9-55D040558610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A164F687-98DB-409D-A9C4-D04ECF6DD53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*",
              "matchCriteriaId": "255CAB12-EE1D-4DC3-B854-E0D645F4C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B746D68B-C6A4-494C-9302-F4652E1E2A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DAD5D8-6882-48FE-AE7A-9440F47F6C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EED32D3-A1C5-430C-8488-4D221196CB76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cisco Unity 4.x anteriores a v4.2(1)ES162, 5.x anteriores a v5.0(1)ES56, y 7.x anteriores a v7.0(2)ES8, que permite a los administradores autenticados remotos inyectar una secuencia de comandos web o HTML arbitrarios meti\u00e9ndolos en la base de datos (tambi\u00e9n conocida como almac\u00e9n de datos)."
    }
  ],
  "id": "CVE-2008-4542",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-10-13T20:00:02.340",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.voipshield.com/research-details.php?id=127"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.voipshield.com/research-details.php?id=127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200810-0356

Vulnerability from variot - Updated: 2025-04-10 23:09

Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). Unity is prone to a cross-site scripting vulnerability. Cisco Unity is a voice and unified messaging platform. Multiple security vulnerabilities exist in Cisco Unity that could allow a malicious user to disclose sensitive information, cause a denial of service, or inject malicious scripts. A remote attacker could provide malicious data to the database. The next time an administrator logs in and visits a page that relies on the stored information, cross-site scripting can be executed. ----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/

TITLE: Cisco Unity Script Insertion Vulnerability

SECUNIA ADVISORY ID: SA32207

VERIFY ADVISORY: http://secunia.com/advisories/32207/

CRITICAL: Not critical

IMPACT: Cross Site Scripting

WHERE:

From local network

SOFTWARE: Cisco Unity 4.x http://secunia.com/advisories/product/4386/ Cisco Unity 5.x http://secunia.com/advisories/product/20082/ Cisco Unity 7.x http://secunia.com/advisories/product/20083/

DESCRIPTION: A vulnerability has been reported in Cisco Unity, which can be exploited by malicious users to conduct script insertion attacks.

Unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation requires valid administrator access.

SOLUTION: The vulnerability will be fixed in versions 4.2(1)ES162 5.0(1)ES56, and 7.0(2)ES8.

PROVIDED AND/OR DISCOVERED BY: VoIPshield Systems

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml

VoIPshield: http://www.voipshield.com/research-details.php?id=127&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0356",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(3\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(4\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(5\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(2\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0\\(2\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2(1)es162"
      },
      {
        "model": "unity",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.0(1)es56"
      },
      {
        "model": "unity",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0(2)es8"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.0\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "unity 7.0%282%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 5.0%281%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.2%281%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.1%281%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%285%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%284%29 sr1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%284%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%283%29 sr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%283%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%282%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity 4.0%281%29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "80844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:unity",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VoIPshield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-4542",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2008-4542",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-34667",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-4542",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-4542",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200810-182",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-34667",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). Unity is prone to a cross-site scripting vulnerability. Cisco Unity is a voice and unified messaging platform. Multiple security vulnerabilities exist in Cisco Unity that could allow a malicious user to disclose sensitive information, cause a denial of service, or inject malicious scripts. A remote attacker could provide malicious data to the database. The next time an administrator logs in and visits a page that relies on the stored information, cross-site scripting can be executed. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unity Script Insertion Vulnerability\n\nSECUNIA ADVISORY ID:\nSA32207\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32207/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCisco Unity 4.x\nhttp://secunia.com/advisories/product/4386/\nCisco Unity 5.x\nhttp://secunia.com/advisories/product/20082/\nCisco Unity 7.x\nhttp://secunia.com/advisories/product/20083/\n\nDESCRIPTION:\nA vulnerability has been reported in Cisco Unity, which can be\nexploited by malicious users to conduct script insertion attacks. \n\nUnspecified input is not properly sanitised before being used. This\ncan be exploited to insert arbitrary HTML and script code, which will\nbe executed in a user\u0027s browser session in context of an affected site\nwhen the malicious data is viewed. \n\nSuccessful exploitation requires valid administrator access. \n\nSOLUTION:\nThe vulnerability will be fixed in versions 4.2(1)ES162 5.0(1)ES56,\nand 7.0(2)ES8. \n\nPROVIDED AND/OR DISCOVERED BY:\nVoIPshield Systems\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml\n\nVoIPshield:\nhttp://www.voipshield.com/research-details.php?id=127\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=DESC\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "BID",
        "id": "80844"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "db": "PACKETSTORM",
        "id": "70764"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-4542",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "31642",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1021012",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "32207",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2771",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "45744",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20081008 VOIPSHIELD REPORTED VULNERABILITIES IN CISCO UNITY SERVER",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "80844",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-34667",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70764",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "db": "BID",
        "id": "80844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "PACKETSTORM",
        "id": "70764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "id": "VAR-200810-0356",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:09:31.020000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "107983",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.securityfocus.com/bid/31642"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080a0d861.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.voipshield.com/research-details.php?id=127"
      },
      {
        "trust": 2.0,
        "url": "http://securitytracker.com/id?1021012"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/32207"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2771"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
      },
      {
        "trust": 0.9,
        "url": "http://xforce.iss.net/xforce/xfdb/45744"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4542"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4542"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2771"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20082/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/4386/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20083/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.voipshield.com/research-details.php?id=127\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=desc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32207/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "db": "BID",
        "id": "80844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "PACKETSTORM",
        "id": "70764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "db": "BID",
        "id": "80844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "db": "PACKETSTORM",
        "id": "70764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-10-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "date": "2008-10-13T00:00:00",
        "db": "BID",
        "id": "80844"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "date": "2008-10-10T16:17:34",
        "db": "PACKETSTORM",
        "id": "70764"
      },
      {
        "date": "2008-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "date": "2008-10-13T20:00:02.340000",
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34667"
      },
      {
        "date": "2008-10-13T00:00:00",
        "db": "BID",
        "id": "80844"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      },
      {
        "date": "2008-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-4542"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unity Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002360"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-182"
      }
    ],
    "trust": 0.6
  }
}

GHSA-VV87-GPWP-Q6F3

Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2022-05-02 00:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-13T20:00:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).",
  "id": "GHSA-vv87-gpwp-q6f3",
  "modified": "2022-05-02T00:11:02Z",
  "published": "2022-05-02T00:11:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4542"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32207"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021012"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "type": "WEB",
      "url": "http://www.voipshield.com/research-details.php?id=127"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-4542

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-4542

Aliases

CVE-2008-4542

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4542",
    "description": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).",
    "id": "GSD-2008-4542"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4542"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).",
      "id": "GSD-2008-4542",
      "modified": "2023-12-13T01:22:59.484442Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4542",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-unityserver-stored-data-xss(45744)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
          },
          {
            "name": "http://www.voipshield.com/research-details.php?id=127",
            "refsource": "MISC",
            "url": "http://www.voipshield.com/research-details.php?id=127"
          },
          {
            "name": "31642",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31642"
          },
          {
            "name": "1021012",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021012"
          },
          {
            "name": "32207",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32207"
          },
          {
            "name": "ADV-2008-2771",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2771"
          },
          {
            "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0\\(2\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4542"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
            },
            {
              "name": "http://www.voipshield.com/research-details.php?id=127",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.voipshield.com/research-details.php?id=127"
            },
            {
              "name": "1021012",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021012"
            },
            {
              "name": "31642",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31642"
            },
            {
              "name": "32207",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32207"
            },
            {
              "name": "ADV-2008-2771",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2771"
            },
            {
              "name": "cisco-unityserver-stored-data-xss(45744)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45744"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2008-10-13T20:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4542 (GCVE-0-2008-4542)

FKIE_CVE-2008-4542

VAR-200810-0356

GHSA-VV87-GPWP-Q6F3

GSD-2008-4542

Tags

Sightings

Nomenclature