CVE-2015-4272 — Cross-site Scripting in Cisco Unified Communications Manager

CWE-79 — Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 50.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedJul 14
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDcisco/unified_communications_manager10.5\(2.10000.5\)

🔴Vulnerability Details

2
GHSA
GHSA-fmjc-gqw6-mrv8: Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10↗2022-05-17
â–¶
CVEList
CVE-2015-4272: Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10↗2015-07-14
â–¶

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability↗2015-07-13
â–¶
CVE-2015-4272 — Cross-site Scripting in Cisco | cvebase