Wednesday, January 18, 2017

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of some parameters that are passed via the HTTP GET or HTTP POST method. An attacker could exploit this vulnerability by intercepting user packets and injecting malicious code into those packets.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2k01yIG A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of some parameters that are passed via the HTTP GET or HTTP POST method. An attacker could exploit this vulnerability by intercepting user packets and injecting malicious code into those packets.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2k01yIG
Security Impact Rating: Medium
CVE: CVE-2017-3802

from Cisco Security Advisory http://ift.tt/2k01yIG
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)