Cisco Bug: CSCut19580 - CUCM Cross Site Scripting vulnerability in ccmivr page
Feb 08, 2017
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom: A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of some parameters used by that page. An attacker could exploit this vulnerability by convincing the user of the system to follow an attacker supplied link. An exploit could allow the attacker to cause arbitrary script or HTML code to be executed on the users browser within the context of the affected application. Conditions: Running a version prior to the Known Fixed Releases.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases