CVE-2017-12358Cross-site Scripting in Cisco Jabber

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 61.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco JabberCisco Jabber
Timeline
PublishedNov 30
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDcisco/jabber11.9\(0\)
CVEListV5cisco/cisco_jabberCisco Jabber

🔴Vulnerability Details

2
GHSA
GHSA-vxvx-hwhw-r4g5: A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker2022-05-13
CVEList
CVE-2017-12358: A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker2017-11-30

📋Vendor Advisories

1
Cisco
Cisco Jabber Clients Cross-Site Scripting Vulnerability2017-11-29
CVE-2017-12358 — Cross-site Scripting in Cisco Jabber | cvebase