CVE-2022-20788

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.3%
top 44.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Unified Communications ManagerCisco Unity ConnectionCisco Cisco Unified Communications Manager
Timeline
PublishedApr 21
Latest updateApr 22

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDcisco/unified_communications_manager11.5\(1\)11.5\(1\)su11+2
NVDcisco/unity_connection12.5\(1\)12.5\(1\)su6+1

🔴Vulnerability Details

2
GHSA
GHSA-57ch-34m3-f49g: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Editio2022-04-22
CVEList
Cisco Unified Communications Products Cross-Site Scripting Vulnerability2022-04-21

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Products Cross-Site Scripting Vulnerability2022-04-20
CVE-2022-20788 (MEDIUM CVSS 6.1) | A vulnerability in the web-based ma | cvebase.io