PT-2020-3143 · Cisco · Cisco Unified Communications Manager Session Management Edition+1
Published
2020-07-01
·
Updated
2024-11-18
·
CVE-2020-3420
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)
Description
The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This could be achieved by inserting malicious data into a specific data field in the interface, potentially enabling the attacker to execute arbitrary script code or access sensitive browser-based information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition