From 007c2459cb592c7a592a247c4cbeb7cafb83da73 Mon Sep 17 00:00:00 2001
From: santosomar <santosomar@gmail.com>
Date: Wed, 23 Sep 2020 00:19:53 +0000
Subject: [PATCH] Adding Cisco CVE-2019-16025

---
 2019/16xxx/CVE-2019-16025.json | 86 ++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 2019/16xxx/CVE-2019-16025.json

diff --git a/2019/16xxx/CVE-2019-16025.json b/2019/16xxx/CVE-2019-16025.json
new file mode 100644
index 00000000000..b3fddf6266d
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16025.json
@@ -0,0 +1,86 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2020-01-08T16:00:00",
+        "ID": "CVE-2019-16025",
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Emergency Responder ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information. "
+            }
+        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "5.5",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20200108 Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20200108-er-xss",
+        "defect": [
+            [
+                "CSCvr15545"
+            ]
+        ],
+        "discovery": "INTERNAL"
+    }
+}