Cisco Bug: CSCut19580 - CUCM Cross Site Scripting vulnerability in ccmivr page

Last Modified

Feb 08, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

  • 10.5(2.10000.5)
  • 9.1(2.10000.28)

Description (partial)

Symptom:
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communications Manager (CallManager)
could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the
web interface on the affected system.

The vulnerability is due to insufficient input validation of some parameters used by that page.

An attacker could exploit this vulnerability by convincing a user of the system to follow an
attacker-supplied link.

An exploit could allow the attacker to cause arbitrary script or HTML code to be executed in the user's browser
within the context of the affected application.

Conditions:
Running a version prior to the Known Fixed Releases.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
