CVE-2015-6402 — Vulnetix

CVE-2015-6402 PUBLISHED CVSS 4.300000190734863 MEDIUM

Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.

EPSS 34.27% · 97.1th percentile

Risk Scores

CVSS 2.0

4.300000190734863

EPSS Score

34.27%

97.1th percentile

Affected Products

Vendor	Product	Versions
cisco	epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter	5.5.10, 5.5.11, 5.7.1
n/a	n/a	*

Exploit Intelligence

1034346 (circl)
20151208 Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability (circl)
39904 (cve.org)
Cisco EPC 3928 - Multiple Vulnerabilities (0day-today)
Cisco EPC 3928 - Multiple Vulnerabilities (0day-today)

Timeline

Dec 8, 2015 CVE Published
Jun 6, 2016 PoC Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

1034346 vdb
39904 exploit
20151208 Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2015-6402 advisory
https://www.exploit-db.com/exploits/39904 url

Open in Interactive Console →