Test Kennung:	1.3.6.1.4.1.25623.1.0.106659
Kategorie:	CISCO
Titel:	Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
Zusammenfassung:	A cross-site scripting (XSS) filter bypass vulnerability in the web-based;management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to;conduct XSS attacks against a user of an affected device.
Beschreibung:	Summary: A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. Vulnerability Insight: The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. Vulnerability Impact: An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3872 BugTraq ID: 96916 http://www.securityfocus.com/bid/96916 http://www.securitytracker.com/id/1038036
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.