CVE-2011-3294

medium

Cisco

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

0.3%

Exploitation probability in 30 days

Top 51% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: October 19, 2011 (5320 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.

CWE

CWE-79

Affected Products

cisco telepresence video communication serverscisco telepresence video communication servers software

References

🔗 securitytracker.com 🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 securitytracker.com

CVE-2011-3294

Vulnerability Report

Description

CWE

Affected Products

References