Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager
CVE-2018-0396

6.1 MEDIUM

Summary

A vulnerability in the web framework of Cisco Unified Communications Manager IM and Presence Service enables authenticated remote attackers to launch cross-site scripting (XSS) attacks. This occurs due to inadequate input validation of specific parameters sent to the web server. Attackers can exploit this issue by tricking users into clicking on a malicious link or by intercepting their requests to inject harmful scripts. Successful exploitation allows attackers to execute arbitrary scripts in the context of the affected site, potentially accessing sensitive information stored in the user's browser.

Affected Version(s)

Cisco Unified Communications Manager IM And Presence Service unknown

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
