From 8559901a1f671d36596b9529cd90780878d41f1e Mon Sep 17 00:00:00 2001 From: santosomar Date: Mon, 27 Jan 2020 16:28:22 +0000 Subject: [PATCH 1/2] Adding Cisco CVE-2020-3136- --- 2020/3xxx/CVE-2020-3136.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index bb636ed921c..5b0ca7cce5c 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json @@ -37,16 +37,10 @@ "description_data": [ { "lang": "eng", - "value": "[CVE-2020-3136_su] A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." } ] }, - "exploit": [ - { - "lang": "eng", - "value": "[CVE-2020-3136_ex] " - } - ], "impact": { "cvss": { "baseScore": "6.1", @@ -84,4 +78,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From 860207be09ad0cab6de40395e22889659d8819bd Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 27 Jan 2020 20:35:59 +0100 Subject: [PATCH 2/2] Update CVE-2020-3136.json --- 2020/3xxx/CVE-2020-3136.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index 5b0ca7cce5c..967e655d663 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json @@ -18,7 +18,7 @@ "version_data": [ { "affected": "<", - "version_value": "n/a" + "version_value": "11.1(3)" } ] } @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affected Cisco Jabber Guest releases 11.1(2) and earlier." } ] },