What is CVE-2016-1354?

CVE-2016-1354 is a medium-severity vulnerability in Cisco Unified_communications_domain_manager, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-03-03.

How severe is CVE-2016-1354?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Cisco Unified_communications_domain_manager

CVE-2016-1354

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Unified_communications_domain_manager — versions 8.0, 8.0.1, 8.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20160302 Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-1354?: CVE-2016-1354 is a medium-severity vulnerability in Cisco Unified_communications_domain_manager, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-03-03.
How severe is CVE-2016-1354?: Medium severity. CVSS v3 base score is 6.1 out of 10.