CVE-2008-4542

Cisco Unity < 4.2\(1\) - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).

References (7)

[Vendor Advisory] http://secunia.com/advisories/32207

[Vendor Advisory] http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html

[Various Sources] http://www.voipshield.com/research-details.php?id=127

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31642

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45744

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1021012

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2771

Scores

EPSS 0.0034

EPSS Percentile 56.0%

Classification

CWE

CWE-79

Status published

Affected Products (13)

cisco/unity < 4.2\(1\)

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

cisco/unity

n/a/n/a

Timeline

Published Oct 13, 2008

Tracked Since Feb 18, 2026