CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3802
https://notcve.org/view.php?id=CVE-2017-3802
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8). Una vulnerabilidad en el motor de escaneo de contenido de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) podría permitir a un atacante remoto no autenticado eludir el mensaje configurado o filtros de contenido en el dispositivo. • http://www.securityfocus.com/bid/95636 http://www.securitytracker.com/id/1037655 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3798
https://notcve.org/view.php?id=CVE-2017-3798
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). Una vulnerabilidad de XSS de elusión de filtro en la interfaz de gestión basada en web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado montar ataques de XSS contra un usuario de un dispositivo afectado. • http://www.securityfocus.com/bid/95872 http://www.securitytracker.com/id/1037653 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9206
https://notcve.org/view.php?id=CVE-2016-9206
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6). Una vulnerabilidad en la página ccmadmin de Cisco Unified Communications Manager (CUCM) podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS. • http://www.securityfocus.com/bid/94793 http://www.securitytracker.com/id/1037424 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9210
https://notcve.org/view.php?id=CVE-2016-9210
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). Una vulnerabilidad en la herramienta de subida Cisco Unified Reporting accediendo a través Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado modificar archivos arbitrarios en el sistema de archivos. • http://www.securityfocus.com/bid/94798 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6472
https://notcve.org/view.php?id=CVE-2016-6472
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). Una vulnerabilidad en varios parámetros de la página ccmivr de Cisco Unified Communication Manager (CallManager) podrían permitir a un atacante remoto no autenticado lanzar un ataque de XSS contra un usuario de la interfaz web en el sistema afectado. • http://www.securityfocus.com/bid/94364 http://www.securitytracker.com/id/1037305 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •