CVE-2020-3129

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection Software (affected versions not specified)

Description The issue is related to insufficient input validation in the web-based management interface, which could allow a remote attacker to perform a stored cross-site scripting (XSS) attack. An attacker could exploit this by providing crafted data to a specific field within the interface, allowing them to store an XSS attack that would be executed on the system of any user viewing the attacker-supplied data element.

Recommendations For Cisco Unity Connection Software, ensure proper input validation is in place for the web-based management interface to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to the web-based management interface until a patch is available. Avoid using crafted data in specific fields within the interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.