Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager and Presence

CVE-2018-0328

Summary

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence allows unauthenticated remote attackers to launch cross-site scripting (XSS) attacks via insufficient input validation. This flaw arises from the handling of parameters in the HTTP GET and POST requests, potentially enabling attackers to execute arbitrary script or HTML code in a user's browser. If an attacker can persuade a user to click a specially crafted link, they could exploit this vulnerability to manipulate user sessions and conduct further malicious activities. For detailed insights, refer to Cisco's security advisory.

References