Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager IM & Presence Service
CVE-2024-20310

6.1 MEDIUM

Badges

👾 Exploit Exists

Summary

A vulnerability found in the web management interface of Cisco Unified Communications Manager IM & Presence Service allows an unauthenticated remote attacker to execute Cross-Site Scripting (XSS) attacks. This issue arises due to the failure of the web interface to adequately validate user-supplied input. An attacker can exploit this vulnerability by convincing an authenticated user to click on a specially crafted link, potentially enabling the execution of arbitrary script code within the context of the affected interface or exposing sensitive browser information.

Affected Version(s)

Cisco IOS XE Software

Cisco Unified Communications Manager IM and Presence Service 10.5(1)

Cisco Unified Communications Manager IM and Presence Service 10.5(2)

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published