CVE-2023-20242

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions prior to the fixed version Cisco Unified CM Session Management Edition versions prior to the fixed version Cisco Unified Communications Manager IM & Presence Service versions prior to the fixed version

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This issue exists because the interface does not properly validate user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information.

Recommendations For Cisco Unified Communications Manager, update to a version that includes the fix for this issue. For Cisco Unified CM Session Management Edition, update to a version that includes the fix for this issue. For Cisco Unified Communications Manager IM & Presence Service, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.