CVE-2017-3833
https://notcve.org/view.php?id=CVE-2017-3833
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Una vulnerabilidad en el marco web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web del software afectado. • http://www.securityfocus.com/bid/96246 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3829
https://notcve.org/view.php?id=CVE-2017-3829
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6). Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. • http://www.securityfocus.com/bid/96250 http://www.securitytracker.com/id/1037839 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3798
https://notcve.org/view.php?id=CVE-2017-3798
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). Una vulnerabilidad de XSS de elusión de filtro en la interfaz de gestión basada en web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado montar ataques de XSS contra un usuario de un dispositivo afectado. • http://www.securityfocus.com/bid/95872 http://www.securitytracker.com/id/1037653 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3802
https://notcve.org/view.php?id=CVE-2017-3802
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8). Una vulnerabilidad en el motor de escaneo de contenido de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) podría permitir a un atacante remoto no autenticado eludir el mensaje configurado o filtros de contenido en el dispositivo. • http://www.securityfocus.com/bid/95636 http://www.securitytracker.com/id/1037655 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9210
https://notcve.org/view.php?id=CVE-2016-9210
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). Una vulnerabilidad en la herramienta de subida Cisco Unified Reporting accediendo a través Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado modificar archivos arbitrarios en el sistema de archivos. • http://www.securityfocus.com/bid/94798 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •