Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager
CVE-2023-20242
6.1MEDIUM
Key Information:
- Vendor
Cisco
- Status
- Vendor
- CVE Published:
- 16 August 2023
What is CVE-2023-20242?
A vulnerability exists within the web-based management interface of Cisco Unified Communications Manager and its associated services that allows an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This issue arises from insufficient validation of user-supplied input within the interface. Attackers can exploit this weakness by luring an unsuspecting user to click on a malicious link, potentially allowing execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information.
Affected Version(s)
Cisco Unified Communications Manager 12.0(1)SU1
Cisco Unified Communications Manager 12.0(1)SU2
Cisco Unified Communications Manager 12.0(1)SU3