CISCO : Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170118-cucm)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106524

Categoría: CISCO

Título: Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170118-cucm)

Resumen: A cross-site scripting (XSS) filter bypass vulnerability in the; web-based management interface of Cisco Unified Communications Manager could allow an; unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.

Descripción: Summary:
A cross-site scripting (XSS) filter bypass vulnerability in the
web-based management interface of Cisco Unified Communications Manager could allow an
unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.

Vulnerability Insight:
The vulnerability is due to a failure to properly call XSS
filter subsystems when a URL contains a certain parameter.

Vulnerability Impact:
An attacker who can persuade an authenticated user of an
affected device to follow an attacker-provided link or visit an attacker-controlled website could
exploit this vulnerability to execute arbitrary code in the context of the affected site in the
user's browser.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-3798
BugTraq ID: 95872
http://www.securityfocus.com/bid/95872
http://www.securitytracker.com/id/1037653

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106524
Categoría:	CISCO
Título:	Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170118-cucm)
Resumen:	A cross-site scripting (XSS) filter bypass vulnerability in the; web-based management interface of Cisco Unified Communications Manager could allow an; unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.
Descripción:	Summary: A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. Vulnerability Insight: The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. Vulnerability Impact: An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3798 BugTraq ID: 95872 http://www.securityfocus.com/bid/95872 http://www.securitytracker.com/id/1037653
Copyright	Copyright (C) 2017 Greenbone Networks GmbH