Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager
CVE-2018-0340
5.4MEDIUM
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 7 June 2018
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager enables an authenticated, remote attacker to execute cross-site scripting attacks through insufficient input validation of specific parameters. By manipulating user access to a malicious link or intercepting requests, attackers can inject harmful scripts. This exploitation could lead to arbitrary code execution within the context of the affected site, compromising sensitive information accessible from the browser.
Affected Version(s)
Cisco Unified Communications Manager unknown Cisco Unified Communications Manager unknown
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved