CVE-2014-3367

Published: Sep 20, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524.

Affected (1)

Products: Cisco: Cisco Nexus 1000v Intercloud

Cisco

1 product

Cisco Nexus 1000v Intercloud

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Cisco Nexus 1000v Intercloud	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://secunia.com/advisories/61426

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/70010

Source: psirt@cisco.com

http://www.securitytracker.com/id/1030881

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/96126

Source: psirt@cisco.com

http://secunia.com/advisories/61426