CVE-2018-0483

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 60.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Jabber IM FOR AndroidCisco Jabber
Timeline
PublishedJan 10
Latest updateMay 13

Description

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

NVDcisco/jabber10.0\(0\)

🔴Vulnerability Details

2
GHSA
GHSA-f4r7-vfm8-w85w: A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag2022-05-13
CVEList
Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability2019-01-10

📋Vendor Advisories

1
Cisco
Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability2019-01-09
CVE-2018-0483 (MEDIUM CVSS 5.4) | A vulnerability in Cisco Jabber Cli | cvebase.io