CISCO : Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability (cisco-sa-20170315-ucm)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106659

Categoría: CISCO

Título: Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability (cisco-sa-20170315-ucm)

Resumen: A cross-site scripting (XSS) filter bypass vulnerability in the; web-based management interface of Cisco Unified Communications Manager could allow an; unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device.

Descripción: Summary:
A cross-site scripting (XSS) filter bypass vulnerability in the
web-based management interface of Cisco Unified Communications Manager could allow an
unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device.

Vulnerability Insight:
The vulnerability is due to a failure to properly call XSS
filter subsystems when a URL contains a certain parameter.

Vulnerability Impact:
An attacker who can persuade an authenticated user of an
affected device to follow an attacker-provided link or visit an attacker-controlled website could
exploit this vulnerability to execute arbitrary code in the context of the affected site in the
user's browser.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-3872
BugTraq ID: 96916
http://www.securityfocus.com/bid/96916
http://www.securitytracker.com/id/1038036

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106659
Categoría:	CISCO
Título:	Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability (cisco-sa-20170315-ucm)
Resumen:	A cross-site scripting (XSS) filter bypass vulnerability in the; web-based management interface of Cisco Unified Communications Manager could allow an; unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device.
Descripción:	Summary: A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. Vulnerability Insight: The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. Vulnerability Impact: An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3872 BugTraq ID: 96916 http://www.securityfocus.com/bid/96916 http://www.securitytracker.com/id/1038036
Copyright	Copyright (C) 2017 Greenbone Networks GmbH