Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
CVE-2020-3129

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unity Connection
Vendor: CVE Published:; 26 January 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element.

Affected Version(s)

Cisco Unity Connection < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jan 26, 2020
Vulnerability Reserved
Dec 12, 2019