2 matches found
Cisco Unified Communications Domain Manager多个跨站脚本漏洞
Bugtraq ID:65869 CVE ID:CVE-2014-2104 Cisco Unified Communications Manager是思科统一通信解决方案中强大的呼叫处理组件。 Cisco Unified Communications Manager WEB接口BVSM页不正确校验多个参数数据,允许远程攻击者构建恶意URI,诱使用户解析,当恶意数据被查看时可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。 0 Cisco Unified Communications Domain Manager 目前没有详细解决方案提供: http://www.cisco.com...
CVE-2014-2104
Cisco Unified Communications Domain Manager BVSM page (in 9.0(.1)) contains multiple XSS flaws due to insufficient input validation of BVSM parameters. Exploitation allows remote attackers to craft malicious links/URIs to inject script or HTML via unspecified parameters, potentially compromising ...