CVE-2015-0749Cross-site Scripting in Cisco Unified Communications Manager

CWE-79Cross-site ScriptingCWE-20Improper Input Validation4 documents4 sources
Severity
6.1MEDIUMNVD
CNA4.3
EPSS
0.2%
top 53.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedFeb 19
Latest updateMay 24

Description

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5cisco/cisco_unified_communications_managernext of 11.5(0.98000.108)unspecified

🔴Vulnerability Details

2
GHSA
GHSA-q5h4-crfg-8c2v: A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack2022-05-24
CVEList
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability2020-02-19

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Multiple Vulnerabilities2015-05-22
CVE-2015-0749 — Cross-site Scripting in Cisco | cvebase