Vulnerabilities > Cisco > Unified Communications Manager IM AND Presence Service > 10.5.1

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-05	CVE-2018-15403	Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. network cisco CWE-601	4.9
2016-12-14	CVE-2016-6464	Information Exposure vulnerability in Cisco Unified Communications Manager IM and Presence Service A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. network low complexity cisco CWE-200	5.0
2015-08-01	CVE-2015-4294	Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 10.5(1)/9.0(1)/9.1(1) Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. network cisco CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.