3 matches found
CVE-2013-1120
CVE-2013-1120 applies to Cisco Unity Express prior to version 8.0, with CSRF vulnerabilities that can allow remote attackers to hijack user authentication. The entry has a base CVSS v2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P). Remediation: OpenVAS data indicates a vendor fix (VendorFix) as the s...
CVE-2006-2166
CVE-2006-2166 affects Cisco Unity Express (CUE) 2.2(2) and earlier when running on any CUE AIM or NM. The HTTP management interface contains an unspecified vulnerability that allows remote authenticated attackers to reset the password for any user with an expired password. The connected documents...
CVE-2013-1114
Cisco Unity Express (Cisco Unity Express) affected by XSS vulnerabilities (CVE-2013-1114) in versions before 8.0. Attack vector is not fully specified in the provided documents; remote attacker can inject arbitrary web script or HTML via web interface. Root cause is described as cross-site script...