3 matches found
CVE-2014-2125
Cisco Unity Connection Web Inbox v8.6(2a)SU3 and earlier are affected by a cross-site scripting (XSS) vulnerability caused by insufficient input validation on a web inbox parameter. An unauthenticated, remote attacker could lure a user to a crafted link, allowing execution of arbitrary HTML/JavaS...
CVE-2014-2125
Cross-site scripting XSS vulnerability in the Web Inbox in Cisco Unity Connection 8.62aSU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028...
Cisco Unity Connection Web Inbox跨站脚本漏洞
CVE ID:CVE-2014-2125 Cisco Unity Connection是运行在Linux-based Cisco Unified Communications操作系统上的功能强大的语音消息通讯平台。 由于某些关于网页收件箱的输入在返回用户前没有正确过滤,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML 和脚本代码。 0 Cisco Unity Connection 8.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用:...