Cross-Site Scripting in Cisco Jabber Guest Server Management Interface
CVE-2016-1311

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Jabber Guest
Vendor: CVE Published:; 6 February 2016

What is CVE-2016-1311?

A cross-site scripting vulnerability exists in the management interface of Cisco Jabber Guest Server 10.6(8). This flaw allows remote attackers to inject arbitrary web scripts or HTML through a vulnerable host tag parameter. Exploiting this vulnerability could lead to unauthorized actions and compromise the integrity of the management interface.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1034936

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2016
Vulnerability Reserved
Jan 4, 2016