Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager and Presence
CVE-2018-0328

6.1MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Unified Communications Manager And Cisco Unified Presence
Vendor
CVE Published:
17 May 2018

What is CVE-2018-0328?

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence allows unauthenticated remote attackers to launch cross-site scripting (XSS) attacks via insufficient input validation. This flaw arises from the handling of parameters in the HTTP GET and POST requests, potentially enabling attackers to execute arbitrary script or HTML code in a user's browser. If an attacker can persuade a user to click a specially crafted link, they could exploit this vulnerability to manipulate user sessions and conduct further malicious activities. For detailed insights, refer to Cisco's security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Unified Communications Manager and Cisco Unified Presence Cisco Unified Communications Manager and Cisco Unified Presence

References

http://www.securitytracker.com/id/1040929
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040928
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.