QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-0386

Back to search

CVE-2018-0386

Published: Aug 15, 2018

Modified: Nov 26, 2024

PUBLISHED

Description

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.

VendorProductVersions

Cisco Systems, Inc.

Unified Communications Domain Manager Software

affected
unspecified

Weaknesses (CWE)

CWE-79

References

105113
vdb-entry
x_refsource_BID
1041537
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now