ID de Prueba:	1.3.6.1.4.1.25623.1.0.106524
Categoría:	CISCO
Título:	Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Resumen:	A cross-site scripting (XSS) filter bypass vulnerability in the web-based;management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to;mount XSS attacks against a user of an affected device.
Descripción:	Summary: A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. Vulnerability Insight: The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. Vulnerability Impact: An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3798 BugTraq ID: 95872 http://www.securityfocus.com/bid/95872 http://www.securitytracker.com/id/1037653
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.