Cross-site scripting vulnerability in Cisco Unified Presence Server
CVE-2015-4220

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Presence Server
Vendor: CVE Published:; 25 June 2015

Summary

A cross-site scripting vulnerability exists within the Cisco Unified Presence Server 9.1(1), enabling remote attackers to inject malicious web scripts or HTML into the application. This flaw is associated with an unspecified value that, when exploited, can lead to unauthorized access and manipulation of content transmitted to users. Attackers may leverage this vulnerability to execute harmful scripts in the context of a user's session, potentially compromising sensitive information and the integrity of user interactions.

References

http://www.securityfocus.com/bid/75407

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032717

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jun 25, 2015
Vulnerability Reserved
Jun 4, 2015