Vulnerabilities > Cisco > Unified Communications Manager IM AND Presence Service > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-27121 | Improper Handling of Exceptional Conditions vulnerability in Cisco Unified Communications Manager IM and Presence Service 12.5(1) A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. | 6.5 |
| 2020-07-02 | CVE-2020-3282 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2019-10-02 | CVE-2019-1915 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2019-10-02 | CVE-2019-12707 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 6.1 |
| 2018-10-05 | CVE-2018-15403 | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. | 5.4 |
| 2018-07-18 | CVE-2018-0396 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5/12.0 A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |