CVE-2017-3802Cross-site Scripting in Cisco Unified Communications Manager

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 47.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedJan 26
Latest updateMay 17

Description

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8x37-8gfm-c756: A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack2022-05-17
CVEList
CVE-2017-3802: A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack2017-01-26

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability2017-01-18
CVE-2017-3802 — Cross-site Scripting in Cisco | cvebase