CVE-2018-0199

CWE-79 — Cross-site Scripting (XSS)9 documents8 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 34.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Jabber

Timeline

PublishedFeb 22

Latest updateMay 13

Description

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco_jabber_client_frameworkCisco Jabber Client Framework

▶NVDcisco/jabber11.9, 11.9\(0\)+1

🔴Vulnerability Details

GHSA

GHSA-jfcj-v8f4-wj2w: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack↗2022-05-13

▶

CVEList

CVE-2018-0199: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack↗2018-02-22

▶

📋Vendor Advisories

Cisco

Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability↗2018-02-22

▶