CVE-2020-3129

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 50.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unity ConnectionCisco Unity Connection
Timeline
PublishedJan 26
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stor

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDcisco/unity_connection< 12.5su2
CVEListV5cisco/cisco_unity_connectionunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-9478-pvwh-fmh7: A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a st2022-05-24
CVEList
Cisco Unity Connection Stored Cross-Site Scripting Vulnerability2020-01-26

📋Vendor Advisories

1
Cisco
Cisco Unity Connection Stored Cross-Site Scripting Vulnerability2020-01-22