Vulnerabilities > Cisco > Unity Connection > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-26 | CVE-2020-3129 | Cross-site Scripting vulnerability in Cisco Unity Connection A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. | 4.8 |
| 2019-10-02 | CVE-2019-1915 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2019-10-02 | CVE-2019-12707 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 6.1 |
| 2019-02-21 | CVE-2019-1685 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-15426 | Cross-site Scripting vulnerability in Cisco Unity Connection Vmo11.5(1) A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 4.8 |
| 2018-10-05 | CVE-2018-15403 | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. | 5.4 |
| 2018-10-05 | CVE-2018-15396 | Resource Exhaustion vulnerability in Cisco Unity Connection 12.5 A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 6.8 |
| 2018-06-07 | CVE-2018-0354 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |
| 2018-02-22 | CVE-2018-0203 | Unspecified vulnerability in Cisco Unity Connection A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. | 5.3 |
| 2017-09-07 | CVE-2017-12212 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2) A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |