A vulnerability has been reported in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating in web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
The information provided herein is on "as is" basis, without warranty of any kind.