QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-15426

Back to search

CVE-2018-15426

Published: Oct 5, 2018

Modified: Nov 26, 2024

PUBLISHED

Description

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

VendorProductVersions

Cisco

Cisco Unity Connection

affected
n/a

Weaknesses (CWE)

CWE-79

References

1041781
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now