2 matches found
Design/Logic Flaw
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084...
CVE-2014-2192
Cross-site scripting XSS vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.02 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033...