One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 2602816 |
| Date de publication | 2021-04-08 04:15:12 (vue: 2021-04-08 06:05:42) |
| Titre | CVE-2021-1380 |
| Texte | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
| Envoyé | Oui |
| Condensat | 1380 2021 access affected against allow arbitrary attack attacker based because browser cisco click code communications conduct connection context could crafted cross cve does edition execute exist exploit im&p information input interface link management manager multiple not persuading presence properly remote script scripting sensitive service session site sme successful supplied these unauthenticated unified unity user validate vulnerabilities web xss |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.