Home Unlabelled Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

By
Thursday, September 07, 2017
Read
Add Comment
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2w7tQGQ A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2w7tQGQ
Security Impact Rating: Medium
CVE: CVE-2017-12212

from Cisco Security Advisory http://ift.tt/2w7tQGQ
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us