Cisco Unity Connection Reflected XSS Vulnerability (cisco-sa-20170906-cuc)
Medium Nessus Plugin ID 103112
SynopsisThe version of Cisco Unity Connection on the remote host is affected by a relfected cross-site scripting vulnerability.
DescriptionCisco Unity Connection 10.5(2) with a default configuration allows remote attackers to conduct a reflected cross-site scripting (XSS) attack against the user of the web interface by submitting invalid input parameters via HTTP GET or POST.
SolutionUpgrade Cisco Unity Connection per the vendor advisory CSCvf25345.