Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager
CVE-2018-0340

5.4MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Unified Communications Manager Unknown
Vendor
CVE Published:
7 June 2018

What is CVE-2018-0340?

A vulnerability in the web framework of Cisco Unified Communications Manager enables an authenticated, remote attacker to execute cross-site scripting attacks through insufficient input validation of specific parameters. By manipulating user access to a malicious link or intercepting requests, attackers can inject harmful scripts. This exploitation could lead to arbitrary code execution within the context of the affected site, compromising sensitive information accessible from the browser.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Unified Communications Manager unknown Cisco Unified Communications Manager unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104448
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041070
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.