Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

2017-02-15T16:00:00
ID CISCO-SA-20170215-CUCM
Type cisco
Reporter Cisco
Modified 2017-02-14T18:36:06

Description

A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

The vulnerability is due to improper sanitization or encoding of user-supplied data by the serviceability page of an affected version of Cisco Unified Communications Manager. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm"]