CVE-2014-2125

CVE Database · CVE-2014-2125

CVE-2014-2125

· N/AModified

CVSS v3.1

N/A

EPSS

1.15%

Published

Apr 2, 2014

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.

Weaknesses (CWE)

CWE-79

Affected Products (8)

cisco · unity_connectionvulnerable

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=33603

Vendor Advisory

http://www.securitytracker.com/id/1029988

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=33603

Vendor Advisory

http://www.securitytracker.com/id/1029988

KEV Catalog EPSS Scores Vendors All CVEs