Cross-Site Scripting Vulnerability in Cisco Unified Web and E-Mail Interaction Manager
CVE-2015-6255

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Web And E-mail Interaction Manager
Vendor: CVE Published:; 19 August 2015

What is CVE-2015-6255?

A cross-site scripting vulnerability exists in Cisco Unified Web and E-Mail Interaction Manager 9.0(2), which enables remote attackers to inject arbitrary web scripts or HTML through specially crafted chat messages. This flaw can lead to various security issues, including session hijacking and unwanted actions performed on behalf of unsuspecting users.

References

http://www.securitytracker.com/id/1033330

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/76406

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2015
Vulnerability Reserved
Aug 17, 2015