424 matches found
CVE-2019-1685
Cisco Unity Connection (version 12.5) exposes a reflected XSS vulnerability in the SAML SSO interface due to insufficient input validation. An unauthenticated remote attacker can lure a user to click a crafted link, potentially executing arbitrary script in the interface context or accessing sens...
Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2019-06586)
Cisco Unity Connection UC is a set of voice messaging platforms from the U.S. company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. A cross-site scripting vulnerability exists in the Security Assertion Markup Language single sign-on interface in...
Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
A vulnerability in the Security Assertion Markup Language SAML single sign-on SSO interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability is due to...
Cisco Unity Connection Bulk Administration Tool Resource Management Error Vulnerability
Cisco Unity Connection UC is a voice messaging platform from Cisco, Inc. that utilizes voice commands to make calls or listen to messages in a "hands-free" manner. The platform utilizes voice commands to make calls or listen to messages in a "hands-free" manner.Bulk Administration Tool BAT is one...
Cisco Unity Connection WEB Interface Cross-Site Scripting Vulnerability
Cisco Unity Connection UC is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages in a "hands-free" way. A cross-site scripting vulnerability exists in the web-based interface of Cisco UC, which arises from the program's failure to...
CVE-2018-15426
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
CVE-2018-15426
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
CVE-2018-15396
A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...
CVE-2018-15396
A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...
Race condition
A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...
Cross site scripting
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
CVE-2018-15396 Cisco Unity Connection File Upload Denial of Service Vulnerability
A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...
CVE-2018-15426 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
CVE-2018-15426 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
CVE-2018-15426
CVE-2018-15426 affects Cisco Unity Connection’s web-based interface. The issue is a stored XSS vulnerability caused by insufficient validation of user-supplied input, exploitable when a user clicks a crafted link, potentially allowing arbitrary script execution in the interface context or access ...
CVE-2018-15396 Cisco Unity Connection File Upload Denial of Service Vulnerability
A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...
CVE-2018-15396
Cisco Unity Connection BAT (Bulk Administration Tool) is affected by a vulnerability that allows an authenticated, remote attacker with administrator credentials to cause high disk utilization, leading to a DoS. The root cause is that the software does not restrict the maximum size of certain fil...
Cisco Unity Connection File Upload Denial of Service Vulnerability
A vulnerability in the Bulk Administration Tool BAT for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the affected software does not restrict the maximum size of...
Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
CVE-2018-0354
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...