
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability (cisco-sa-20170215-ucm) CVE-2017-3833

Severity
CVSSv3 Score: 6.1
Vulnerability description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.

Risk description

The vulnerability is due to insufficient input validation of user-supplied parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected web interface.

Recommendation

See the referenced vendor advisory for a solution.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 22, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available