Cisco Bug: CSCus74184 - WIM XSS vulnerabilities in chat

Last Modified

Mar 24, 2018

Products (1)

  • Cisco Unified E-Mail Interaction Manager

Known Affected Releases

9.0(2)

Description (partial)

Symptom:
Cisco Unified Web Interaction Manager contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site
scripting (XSS) attack against the user of the web interface of the affected system. 

The vulnerability is due to a lack of input sanitization in the Cisco Unified Web Interaction Manager. An unauthenticated, remote attacker could
exploit this vulnerability by convincing a targeted user to visit a malicious website that is designed to submit an HTTP POST request to the web
interface of the affected product. If the targeted user visits the malicious page, the attacker could execute arbitrary script code in the
browser of the user in the security context of the affected site.

Conditions:
An attacker may be able to inject the script within the HTTP flow between the target user and the affected system.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
