Reflected Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager

Reflected Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager

CVE-2017-3888 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).

Learn more about our Cis Benchmark Audit For Cisco.