XSS in Cisco Unified_communications_manager_im_and_presence_service
CVE-2015-4294
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, ak…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (49.9th percentile) — read the EPSS interpretation.
Affected products
- Cisco Unified_communications_manager_im_and_presence_service — versions 9.0\(1\), 9.1\(1\), 10.5\(1\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 1033171 (vdb-entry, x_refsource_SECTRACK)
- 20150730 Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)