Vulnerabilities > Cisco > Unified Communications Manager

DATE CVE VULNERABILITY TITLE RISK
2017-03-17 CVE-2017-3872 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-02-22 CVE-2017-3836 Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2)
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.
network
low complexity
cisco CWE-200
4.3
2017-02-22 CVE-2017-3833 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99999.2)
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.
network
low complexity
cisco CWE-79
6.1
2017-02-22 CVE-2017-3829 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-02-22 CVE-2017-3828 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-02-22 CVE-2017-3821 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1)
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
network
low complexity
cisco CWE-79
6.1
2017-01-26 CVE-2017-3802 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99000.9)
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
2017-01-26 CVE-2017-3798 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1)
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
2016-12-14 CVE-2016-9210 Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2)
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.
network
low complexity
cisco CWE-22
7.5
2016-12-14 CVE-2016-9206 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6)
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
network
low complexity
cisco CWE-79
6.1