| Assigner | cisco |
| Reserved | 2023-11-08 |
| Published | 2024-04-03 |
| Updated | 2024-07-02 |
Description
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
| CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Problem types
Product status
10.5(2)
10.5(2a)
10.5(2b)
10.5(2)SU3
10.5(2)SU2a
10.5(2)SU4a
10.5(2)SU4
10.5(1)SU3
10.5(1)SU1
10.5(2)SU1
10.5(2)SU2
10.5(1)SU2
11.5(1)
11.5(1)SU1
11.5(1)SU2
11.5(1)SU3
11.5(1)SU3a
11.5(1)SU4
11.5(1)SU5
11.5(1)SU5a
11.5(1)SU6
11.5(1)SU7
11.5(1)SU8
11.5(1)SU9
11.5(1)SU10
11.5(1)SU11
11.0(1)
11.0(1)SU1
12.5(1)
12.5(1)SU1
12.5(1)SU2
12.5(1)SU3
12.5(1)SU4
12.5(1)SU5
12.5(1)SU6
12.5(1)SU7
14
14SU1
14SU2
14SU2a
10.0(1)
10.0(1)SU1
10.0(1)SU2
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF (cisco-sa-cucm-imps-xss-quWkd9yF)
