{"api_version":"1","generated_at":"2026-04-23T11:48:57+00:00","cve":"CVE-2015-0703","urls":{"html":"https://cve.report/CVE-2015-0703","api":"https://cve.report/api/cve/CVE-2015-0703.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0703","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0703"},"summary":{"title":"CVE-2015-0703","description":"Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2015-04-21 02:59:00","updated_at":"2017-01-06 15:52:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1032164","name":"1032164","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco Unified MeetingPlace Input Validation Flaw in Administrative Interface Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=38459","name":"20150420 Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability","refsource":"CISCO","tags":["Vendor Advisory"],"title":"Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0703","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0703","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"unified_meetingplace","cpe6":"8.6(1.9)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"unified_meetingplace","cpe6":"8.6\\(1.9\\)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"703","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"unified_meetingplace","cpe6":"8.6\\(1.9\\)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-0703","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1032164","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1032164"},{"name":"20150420 Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=38459"}]}},"nvd":{"publishedDate":"2015-04-21 02:59:00","lastModifiedDate":"2017-01-06 15:52:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:unified_meetingplace:8.6\\(1.9\\):*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"703","Ordinal":"77374","Title":"CVE-2015-0703","CVE":"CVE-2015-0703","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"703","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"703","Ordinal":"2","NoteData":"2015-04-20","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"703","Ordinal":"3","NoteData":"2016-12-30","Type":"Other","Title":"Modified"}]}}}