{"api_version":"1","generated_at":"2026-05-13T13:53:46+00:00","cve":"CVE-2014-0670","urls":{"html":"https://cve.report/CVE-2014-0670","api":"https://cve.report/api/cve/CVE-2014-0670.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-0670","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-0670"},"summary":{"title":"CVE-2014-0670","description":"Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.","state":"PUBLISHED","assigner":"cisco","published_at":"2014-01-22 05:22:20","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90615","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90615","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/56563","name":"http://secunia.com/advisories/56563","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisory SA56563 - Cisco MediaSense Search and Play Interface Cross-Site Scripting Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1029667","name":"http://www.securitytracker.com/id/1029667","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco MediaSense Input Validation Flaw in Search and Play Interface Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/65053","name":"http://www.securityfocus.com/bid/65053","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco MediaSense Search and Play Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=32514","name":"http://tools.cisco.com/security/center/viewAlert.x?alertId=32514","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Alert Details - Security Center - Cisco Systems","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/102319","name":"http://osvdb.org/102319","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670","name":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cisco Security Notice: Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-0670","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0670","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"670","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"mediasense","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2014","cve_id":"670","cve":"CVE-2014-0670","epss":"0.005430000","percentile":"0.677990000","score_date":"2026-05-03","updated_at":"2026-05-04 00:13:06"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T09:20:20.087Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1029667","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1029667"},{"name":"56563","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/56563"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=32514"},{"name":"20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670"},{"name":"102319","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/102319"},{"name":"65053","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/65053"},{"name":"cisco-mediasense-cve20140670-xss(90615)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90615"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-01-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"1029667","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1029667"},{"name":"56563","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/56563"},{"tags":["x_refsource_CONFIRM"],"url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=32514"},{"name":"20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670"},{"name":"102319","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/102319"},{"name":"65053","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/65053"},{"name":"cisco-mediasense-cve20140670-xss(90615)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90615"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2014-0670","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1029667","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1029667"},{"name":"56563","refsource":"SECUNIA","url":"http://secunia.com/advisories/56563"},{"name":"http://tools.cisco.com/security/center/viewAlert.x?alertId=32514","refsource":"CONFIRM","url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=32514"},{"name":"20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670"},{"name":"102319","refsource":"OSVDB","url":"http://osvdb.org/102319"},{"name":"65053","refsource":"BID","url":"http://www.securityfocus.com/bid/65053"},{"name":"cisco-mediasense-cve20140670-xss(90615)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90615"}]}}}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2014-0670","datePublished":"2014-01-22T02:00:00.000Z","dateReserved":"2014-01-02T00:00:00.000Z","dateUpdated":"2024-08-06T09:20:20.087Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-01-22 05:22:20","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*","matchCriteriaId":"9B0A2D56-3667-438C-A367-4DB74F72507B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"670","Ordinal":"1","Title":"CVE-2014-0670","CVE":"CVE-2014-0670","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"670","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.","Type":"Description","Title":"CVE-2014-0670"},{"CveYear":"2014","CveId":"670","Ordinal":"2","NoteData":"2014-01-21","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"670","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}