Stored Cross-Site Scripting Vulnerability in Cisco Spark Messaging Software
CVE-2017-12269

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Spark Messaging
Vendor: CVE Published:; 5 October 2017

Summary

A vulnerability exists in the web UI of Cisco Spark Messaging Software that enables an authenticated remote attacker to carry out a stored cross-site scripting (XSS) attack. This security issue arises from the application's insufficient input validation, allowing attackers to inject malicious scripts into the web interface. If exploited, this vulnerability could lead to unauthorized code execution by users or enable attackers to access sensitive information stored within the application.

Affected Version(s)

Cisco Spark Messaging Cisco Spark Messaging

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101150

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 5, 2017
Vulnerability Reserved
Aug 3, 2017