PUBLISHED

CVE-2024-20310

Reserved: 2023-11-08
Published: 2024-04-03
Updated: 2024-04-03

Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



MEDIUM: 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

Relative Path Traversal

Product status

Any version
affected

10.5(1)
affected

10.5(2)
affected

10.5(2a)
affected

10.5(2b)
affected

10.5(2)SU3
affected

10.5(2)SU2a
affected

10.5(2)SU4a
affected

10.5(2)SU4
affected

10.5(1)SU3
affected

10.5(1)SU1
affected

10.5(2)SU1
affected

10.5(2)SU2
affected

10.5(1)SU2
affected

11.5(1)
affected

11.5(1)SU1
affected

11.5(1)SU2
affected

11.5(1)SU3
affected

11.5(1)SU3a
affected

11.5(1)SU4
affected

11.5(1)SU5
affected

11.5(1)SU5a
affected

11.5(1)SU6
affected

11.5(1)SU7
affected

11.5(1)SU8
affected

11.5(1)SU9
affected

11.5(1)SU10
affected

11.5(1)SU11
affected

11.0(1)
affected

11.0(1)SU1
affected

12.5(1)
affected

12.5(1)SU1
affected

12.5(1)SU2
affected

12.5(1)SU3
affected

12.5(1)SU4
affected

12.5(1)SU5
affected

12.5(1)SU6
affected

12.5(1)SU7
affected

14
affected

14SU1
affected

14SU2
affected

14SU2a
affected

10.0(1)
affected

10.0(1)SU1
affected

10.0(1)SU2
affected

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF (cisco-sa-cucm-imps-xss-quWkd9yF)

cve.org CVE-2024-20310

nvd.nist.gov CVE-2024-20310
