CVE-2014-2125

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection versions 8.6(2a)SU3 and earlier

Description A cross-site scripting (XSS) issue exists in the Web Inbox of Cisco Unity Connection, allowing remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Recommendations For versions 8.6(2a)SU3 and earlier, update to a version later than 8.6(2a)SU3 to resolve the issue.