CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1409 – Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1409
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & amp; Presence Service (Unified CM IM & amp; P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection, podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1380 – Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1380
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & amp; Presence Service (Unified CM IM & amp; P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection, podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3129 – Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-3129
A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-uc-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7988
https://notcve.org/view.php?id=CVE-2014-7988
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. Unified Messaging Service (UMS) en Cisco Unity Connection 10.5 y anteriores permite a usuarios remotos autenticados obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur06493. • http://secunia.com/advisories/62106 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7988 http://tools.cisco.com/security/center/viewAlert.x?alertId=36340 http://www.securitytracker.com/id/1031177 https://exchange.xforce.ibmcloud.com/vulnerabilities/98493 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •