Thursday, March 3, 2016

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack.

The vulnerability is due to insufficient input validation of user-submitted content. An attacker could exploit this vulnerability by disguising embedded, malicious HTML in the affected web page and persuading the user to access a page that uses variables to express the malicious HTML.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/21HDryT
Security Impact Rating: Medium
CVE: CVE-2016-1354

from Cisco Security Advisory http://ift.tt/21HDryT
