CVE-2017-3872

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager version 10.5(2.14076.1) Cisco Unified Communications Manager versions prior to 12.0(0.98000.219)

Description A cross-site scripting (XSS) filter bypass issue exists in the web-based management interface, allowing an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. The vulnerability is due to insufficient protection of the web page structure, which can be exploited by a remote attacker to bypass the XSS filter and perform cross-site scripting attacks.

Recommendations For Cisco Unified Communications Manager version 10.5(2.14076.1), update to version 12.0(0.98000.219) or later to resolve the issue. For Cisco Unified Communications Manager versions prior to 12.0(0.98000.219), update to version 12.0(0.98000.219) or later to resolve the issue.