Cross-Site Scripting Vulnerability in Cisco Unified Web Interaction Manager
CVE-2015-0655

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Web And E-mail Interaction Manager
Vendor: CVE Published:; 28 February 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the Unified Web Interaction Manager of Cisco. This flaw enables remote attackers to inject malicious web scripts or HTML into web applications. The vulnerability is primarily exploited through carefully crafted HTTP POST requests, allowing attackers to manipulate the web client's behavior and potentially gain unauthorized access or compromise user interactions.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1031820

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/72824

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 28, 2015
Vulnerability Reserved
Jan 7, 2015