漏洞标题
N/A
漏洞描述信息
Cisco unified communication domain manager软件中的漏洞可能导致未验证的远程攻击者对受影响系统进行跨站点脚本(XSS)攻击。该漏洞是由于将输入进行不正确验证而导致的。攻击者可以通过说服受影响软件的用户访问一个恶意URL来利用此漏洞。成功的漏洞利用可能导致攻击者访问受影响系统的敏感浏览器信息,或者在用户的安全上下文中对受影响软件进行任意操作。Cisco漏洞ID:CSCvh49694。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.
CVSS信息
N/A
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Cisco Unified Communications Domain Manager Software 跨站脚本漏洞
漏洞描述信息
Cisco Unified Communications Domain Manager Software是美国思科(Cisco)公司开发的一款专用于统一通信解决方案中的呼叫处理组件。该组件具备可扩展、可分布、高度可用的企业IP语音呼叫处理功能。 Cisco Unified Communications Domain Manager Software中存在跨站脚本漏洞,该漏洞源于程序没有正确地验证传递到受影响软件的输入。远程攻击者可借助恶意的URL利用该漏洞获取受影响系统上的基于浏览器的敏感信息或在用户的安
CVSS信息
N/A
漏洞类别
跨站脚本