QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-0354

Back to search

CVE-2018-0354

Published: Jun 7, 2018

Modified: Nov 29, 2024

PUBLISHED

Description

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvf76417.

VendorProductVersions

n/a

Cisco Unity Connection unknown

affected
Cisco Unity Connection unknown

Weaknesses (CWE)

CWE-79

References

1041067
vdb-entry
x_refsource_SECTRACK
104426
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now