CISCO : Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability (cisco-sa-20161207-cucm)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.106441

Category: CISCO

Title: Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability (cisco-sa-20161207-cucm)

Summary: A vulnerability in the ccmadmin page of Cisco Unified; Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct; reflected cross-site scripting (XSS) attacks.

Description: Summary:
A vulnerability in the ccmadmin page of Cisco Unified
Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct
reflected cross-site scripting (XSS) attacks.

Vulnerability Insight:
The vulnerability is due to improper sanitization or encoding
of user-supplied data by the ccmadmin page of an affected version of CUCM. An attacker could
exploit this vulnerability by persuading a targeted user to follow a malicious link.

Vulnerability Impact:
An exploit could allow the attacker to conduct a reflected XSS
attack.

Affected Software/OS:
Cisco Unified Communications Manager version 11.5(1.10000.6).

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-9206
BugTraq ID: 94793
http://www.securityfocus.com/bid/94793
http://www.securitytracker.com/id/1037424

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106441
Category:	CISCO
Title:	Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability (cisco-sa-20161207-cucm)
Summary:	A vulnerability in the ccmadmin page of Cisco Unified; Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct; reflected cross-site scripting (XSS) attacks.
Description:	Summary: A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. Vulnerability Insight: The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. Vulnerability Impact: An exploit could allow the attacker to conduct a reflected XSS attack. Affected Software/OS: Cisco Unified Communications Manager version 11.5(1.10000.6). Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9206 BugTraq ID: 94793 http://www.securityfocus.com/bid/94793 http://www.securitytracker.com/id/1037424
Copyright	Copyright (C) 2016 Greenbone AG