Cisco Unified Communications Manager and Session Management Edition Vulnerable to XSS Attacks
CVE-2020-3420

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Communications Manager
Vendor: CVE Published:; 18 November 2024

Summary

A cross-site scripting vulnerability exists in the web-based management interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. This issue stems from inadequate validation of user-supplied input, enabling an authenticated, remote attacker to inject malicious scripts into the interface. By exploiting this vulnerability, an attacker could execute arbitrary script code within the context of the interface or gain unauthorized access to sensitive browser-based information. There are currently no workarounds available to mitigate this vulnerability.

Affected Version(s)

Cisco Unified Communications Manager

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Dec 12, 2019