Wednesday, June 22, 2016

Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Contact Center Enterprise Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
 
The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by persuading a user to click a specific link.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/28OdLNa A vulnerability in the HTTP web-based management interface of Cisco Unified Contact Center Enterprise Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
 
The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by persuading a user to click a specific link.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/28OdLNa
Security Impact Rating: Medium
CVE: CVE-2016-1439

from Cisco Security Advisory http://ift.tt/28OdLNa

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.