Cisco Unity Connection Stored Cross-Site Scripting Vulnerability

Cisco Unity Connection is a unified messaging and voicemail solution that empowers subscribers with flexible messaging access options that can empower IT management simplicity. A stored cross-site scripting vulnerability exists in the web-based management interface of Cisco Unity Connection...

Cisco Unity Connection Directory Traversal Vulnerability (CNVD-2020-04829)

Cisco Unity Connection UC is a set of voice messaging platforms from the American company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. A directory traversal vulnerability exists in Cisco Unity Connection version 11.5SU7 and versions prior to...

Cisco Unity Connection Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker...

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager SME, Unified Communications Manager IM and Presence Service, and the integrated messaging system Unity Connection allows a perpetrator to execute arbitrary code or gain access to confidential information.

The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager SME, Unified Communications Manager IM and Presence Service, and the integrated messaging system Unity Connection exists due to the lack of security measures taken to protect the w...

The vulnerability in the web interface for managing Cisco Unified Communications Manager systems, including Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and the integrated messaging system Cisco Unity Connection, allows a perpetrator to send arbitrary requests.

The vulnerability of the Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, and the integrated messaging system Cisco Unity Connection’s web interfaces is related ...

Cisco Unity Connection Web Framework XSS (cisco-sa-20191002-cuc-xss)

A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session...

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in Cisco Unity Connection 11.50.199 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid130014; scriptversion"1.2"; scriptcvsdate"Date: 2019/10/18...

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...

Cisco Unity Connection File Upload Denial of Service Vulnerability

A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...

Cisco Unity Connection libSRTP Denial of Service Vulnerability

A vulnerability in local file management for Cisco Unity Connection could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction...

Cisco Unity Connection Cross-Site Request Forgery Vulnerability

Cross-site request forgery CSRF vulnerability in Cisco Unity Connection 11.50.98 allows remote attackers to hijack the authentication of arbitrary users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid130013; scriptversion"1.3"; scriptcvsdate"Date: 2019/10/31...

Cisco Unity Connection libSRTP Denial of Service Vulnerability

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid130015; scriptversion"1.2"; scriptcvsdate"Date: 2019/10/18 23:14:14...

CVE-2019-1915

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, and Cisco Unity Connection could allow an unauthenticated, remote...

The vulnerability relates to the implementation of Security Assertion Markup Language (SAML) for single-sign-on authentication in the integrated messaging system Cisco Unity Connection. This vulnerability allows attackers to perform cross-site scripting attacks.

The vulnerability of the Security Assertion Markup Language SAML authentication mechanism for Single Sign-On SSO in the integrated Cisco Unity Connection messaging system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor,...

CVE-2019-1685

A vulnerability in the Security Assertion Markup Language SAML single sign-on SSO interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability is due to...

Cross site scripting

A vulnerability in the Security Assertion Markup Language SAML single sign-on SSO interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability is due to...

CVE-2019-1685

A vulnerability in the Security Assertion Markup Language SAML single sign-on SSO interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability is due to...

CVE-2019-1685 Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the Security Assertion Markup Language SAML single sign-on SSO interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability is due to...

CVE-2019-1685

Cisco Unity Connection (version 12.5) exposes a reflected XSS vulnerability in the SAML SSO interface due to insufficient input validation. An unauthenticated remote attacker can lure a user to click a crafted link, potentially executing arbitrary script in the interface context or accessing sens...