Vulnerabilities > Cisco > Unified Communications Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-17 CVE-2017-3872 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3836 Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2)
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.
network
low complexity
cisco CWE-200
4.3
4.3
2017-02-22 CVE-2017-3833 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99999.2)
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3829 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3828 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3821 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1)
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
network
low complexity
cisco CWE-79
6.1
6.1
2017-01-26 CVE-2017-3802 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99000.9)
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
6.1
2017-01-26 CVE-2017-3798 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1)
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2016-12-14 CVE-2016-9206 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6)
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
network
low complexity
cisco CWE-79
6.1
6.1
2016-11-19 CVE-2016-6472 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.2)
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system.
network
low complexity
cisco CWE-79
6.1
6.1