CVE-2015-4206
Cisco UCM 8.0–8.6 contains a Cross‑Site Scripting filter bypass (CVE-2015-4206). A crafted URL parameter allows remote, unauthenticated attackers to bypass the XSS protection in the web management interface and potentially execute code in a user’s browser. The Cisco advisory (cisco-sa-20151214-uc...