CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3828
https://notcve.org/view.php?id=CVE-2017-3828
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. • http://www.securityfocus.com/bid/96240 http://www.securitytracker.com/id/1037839 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3836
https://notcve.org/view.php?id=CVE-2017-3836
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Una vulnerabilidad en el marco web Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado visualizar datos sensibles. • http://www.securityfocus.com/bid/96251 http://www.securitytracker.com/id/1037840 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3829
https://notcve.org/view.php?id=CVE-2017-3829
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6). Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. • http://www.securityfocus.com/bid/96250 http://www.securitytracker.com/id/1037839 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3798
https://notcve.org/view.php?id=CVE-2017-3798
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). Una vulnerabilidad de XSS de elusión de filtro en la interfaz de gestión basada en web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado montar ataques de XSS contra un usuario de un dispositivo afectado. • http://www.securityfocus.com/bid/95872 http://www.securitytracker.com/id/1037653 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6464
https://notcve.org/view.php?id=CVE-2016-6464
A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181). Una vulnerabilidad en la interfaz de administración web del Cisco Unified Communications Manager IM and Presence Service puede permitir a un atacante remoto no autenticado ver información en páginas web que deberían estar restringidas. • http://www.securityfocus.com/bid/94802 http://www.securitytracker.com/id/1037412 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •