Source |
CVE Liste |
Identifiant |
2602816 |
Date de publication |
2021-04-08 04:15:12 (vue: 2021-04-08 06:05:42) |
Titre |
CVE-2021-1380 |
Texte |
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
Envoyé |
Oui |
Condensat |
1380 2021 access affected against allow arbitrary attack attacker based because browser cisco click code communications conduct connection context could crafted cross cve does edition execute exist exploit im&p information input interface link management manager multiple not persuading presence properly remote script scripting sensitive service session site sme successful supplied these unauthenticated unified unity user validate vulnerabilities web xss |
Tags |
|
Stories |
|
Notes |
|
Move |
|