Vulnerabilities > Cisco > Unified Communications Manager > 12.0.1.10000.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2018-0355 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Unified Communications Manager A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. | 4.3 |
| 2018-06-07 | CVE-2018-0340 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 3.5 |
| 2018-05-17 | CVE-2018-0328 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2018-04-19 | CVE-2018-0267 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. | 2.1 |
| 2018-04-19 | CVE-2018-0266 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. | 4.0 |
| 2017-11-30 | CVE-2017-12357 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |