Cross-Site Scripting Vulnerability in Cisco IM and Presence Service
CVE-2015-4294

Currently unrated

Key Information:

Vendor
Cisco
Status
Unified Communications Manager Im And Presence Service
Vendor
CVE Published:
1 August 2015

Summary

The Cisco IM and Presence Service has a vulnerability that allows remote attackers to inject arbitrary web scripts or HTML through a specially crafted URL. This vulnerability arises from incomplete filtering of HTML elements, making it possible for an attacker to exploit this weakness to execute malicious scripts in the context of a user's session.

References

http://www.securitytracker.com/id/1033171
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.