CVE-2018-15426

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 60.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unity ConnectionCisco Unity Connection
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious lin

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDcisco/unity_connectionvmo-11.5\(1\)

🔴Vulnerability Details

2
GHSA
GHSA-p7hq-45mg-c8p3: A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scri2022-05-13
CVEList
Cisco Unity Connection Stored Cross-Site Scripting Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Unity Connection Stored Cross-Site Scripting Vulnerability2018-10-03
CVE-2018-15426 (MEDIUM CVSS 4.8) | A vulnerability in the web-based in | cvebase.io