CVE-2017-12269

Name of the Vulnerable Software and Affected Versions Cisco Spark Messaging Software (affected versions not specified)

Description A stored cross-site scripting (XSS) attack could be performed by an authenticated, remote attacker due to insufficient input validation in the web UI. An attacker could inject XSS content into the web UI, potentially forcing a user to execute code of the attacker's choosing or allowing the attacker to retrieve sensitive information from the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.