The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 6.1
Impact Score: 2.7
Exploitability Score: 2.8
|149469||Cisco Unity Connection XSS (cisco-sa-cucm-xss-Q4PZcNzJ)||Nessus||CISCO|
|149468||Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-Q4PZcNzJ)||Nessus||CISCO|
|149467||Cisco Unified Communications Manager IM & Presence Service XSS (cisco-sa-cucm-xss-Q4PZcNzJ)||Nessus||CISCO|