CVE-2024-20310

CWE-234 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 62.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco IOS XE Software Cisco Cisco Unified Communications Manager IM AND Presence Service Cisco Unified Communications Manager IM AND Presence Service

Timeline

PublishedApr 3

Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/unified_communications_manager_im_and_presence_service44 versions+43

▶CVEListV5cisco/cisco_unified_communications_manager_im_and_presence_service44 versions+43

▶CVEListV5cisco/cisco_ios_xe_softwareN/A

🔴Vulnerability Details

GHSA

GHSA-34jc-mc86-8ww9: A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthentica↗2024-04-03

▶

CVEList

CVE-2024-20310: A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthentica↗2024-04-03

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability↗2024-04-03

▶