Vulnerabilities > Cisco > Jabber > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-22 CVE-2018-0201 Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(.0)
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
network
low complexity
cisco CWE-79
5.4
2018-02-22 CVE-2018-0199 Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(0)
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-11-30 CVE-2017-12361 Use of Insufficiently Random Values vulnerability in Cisco Jabber
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client.
local
low complexity
cisco CWE-330
4.0
2017-11-30 CVE-2017-12358 Cross-site Scripting vulnerability in Cisco Jabber 11.9(0)
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
network
low complexity
cisco CWE-79
5.4
2017-11-30 CVE-2017-12356 Cross-site Scripting vulnerability in Cisco Jabber 10.5(2)/11.9(1)
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-10-19 CVE-2017-12286 Improper Input Validation vulnerability in Cisco Jabber and Webex Meeting Center
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information.
local
low complexity
cisco CWE-20
5.5
2017-10-19 CVE-2017-12284 Information Exposure vulnerability in Cisco Jabber 11.8(.4)
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information.
local
low complexity
cisco CWE-200
5.5
2015-12-26 CVE-2015-6409 Information Exposure vulnerability in Cisco Jabber 10.6(2)
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
network
high complexity
cisco CWE-200
5.9