CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6416
https://notcve.org/view.php?id=CVE-2015-6416
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479. Vulnerabilidad de XSS en Cisco Unified Email Interaction Manager y Unified Web Interaction Manager 11.0(1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios en una URL manipulada, también conocida como Bug ID CSCuw24479. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim http://www.securityfocus.com/bid/79034 http://www.securitytracker.com/id/1034382 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4298
https://notcve.org/view.php?id=CVE-2015-4298
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. Vulnerabilidad en Cisco Unified Web y E-Mail Interaction Manager 9.0(2) y 11.0(1) no realiza la autorización adecuadamente, lo que permite a usuarios remotos autenticados leer o escribir en los datos almacenados a través de vectores no especificados, también conocida como Bug ID CSCuo89056. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40428 http://www.securityfocus.com/bid/76348 http://www.securitytracker.com/id/1033286 • CWE-284: Improper Access Control •