CVE-2017-3874 — Cross-site Scripting in Cisco Unified Communications Manager

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 57.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedMar 17

Latest updateMay 17

Description

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/unified_communications_manager11.5\(1.11007.2\)

▶CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

GHSA

GHSA-855h-3276-g7mj: A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a↗2022-05-17

▶

CVEList

CVE-2017-3874: A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a↗2017-03-17

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability↗2017-03-15

▶