QID 316943
Date Published: 2021-04-15
QID 316943: Cisco Unified Communications Manager IM and Presence Service Cross-Site Scripting Vulnerabilities(cisco-sa-cucm-xss-Q4PZcNzJ)
Multiple vulnerabilities in the web-based management interface of
Cisco Unified Communications Manager IMPresence Service (Unified CM IMP) remote attacker to conduct
a cross-site scripting (XSS) attack against an interface user.
Affected Products
Cisco products were affected by the following vulnerabilities.
Cisco Product Vulnerable Releases CVE IDs
Unified CM Earlier than 14 CVE-2021-1380, CVE-2021-1407, CVE-2021-1408, CVE-2021-1409
Unified CM IMP Earlier than 14 CVE-2021-1409
Unified CM SME Earlier than 14 CVE-2021-1380, CVE-2021-1407, CVE-2021-1408, CVE-2021-1409
Unity Connection Earlier than 14 CVE-2021-1380, CVE-2021-1409
QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications Product version retrieved via Unix Auth using " Active Master Version:" command.
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Customers are advised to refer to cisco-sa-cucm-xss-Q4PZcNzJ for more information.
- cisco-sa-cucm-xss-Q4PZcNzJ -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ
CVEs related to QID 316943
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-cucm-xss-Q4PZcNzJ |
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ |