CVE-2018-0201

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 53.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Jabber

Timeline

PublishedFeb 22

Latest updateMay 13

Description

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco_jabber_client_frameworkCisco Jabber Client Framework

▶NVDcisco/jabber11.9, 11.9\(.0\)+1

🔴Vulnerability Details

GHSA

GHSA-9w68-rr8q-q8v4: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag↗2022-05-13

▶

CVEList

CVE-2018-0201: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag↗2018-02-22

▶

📋Vendor Advisories

Cisco

Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability↗2018-02-22

▶