CVE-2016-1354
Published on: 03/03/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:05 PM UTC
Certain versions of Unified Communications Domain Manager from Cisco contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.
- CVE-2016-1354 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability | Vendor Advisory tools.cisco.com text/html |
![]() |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Unified Communications Domain Manager | 8.0 | All | All | All |
Application | Cisco | Unified Communications Domain Manager | 8.0.1 | All | All | All |
Application | Cisco | Unified Communications Domain Manager | 8.0.2 | All | All | All |
Application | Cisco | Unified Communications Domain Manager | 8.0 | All | All | All |
Application | Cisco | Unified Communications Domain Manager | 8.0.1 | All | All | All |
Application | Cisco | Unified Communications Domain Manager | 8.0.2 | All | All | All |
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.2:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE