Cross-Site Scripting Vulnerability in Cisco Unity Connection
CVE-2018-0354
6.1MEDIUM
Summary
A vulnerability exists in the web framework of Cisco Unity Connection, enabling an unauthenticated remote attacker to execute a cross-site scripting (XSS) attack. This issue arises from insufficient input validation of certain parameters transmitted through HTTP GET and POST methods. If an attacker manages to trick a user into following a specially crafted link, they could run arbitrary script or HTML code within the user's browser context on the affected system, potentially compromising web interface security.
Affected Version(s)
Cisco Unity Connection unknown Cisco Unity Connection unknown
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved