CVE-2017-3802

MEDIUM

Cisco Unified Communications Manager - XSS

Title source: llm

Description

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).

References (3)

Scores

CVSS v3 6.1
EPSS 0.0029
EPSS Percentile 52.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

cisco/unified_communications_manager
n/a/Cisco Unified Communications Manager 12.0(0.99000.9) < Cisco Unified Communications Manager 12.0(0.99000.9)

Timeline

Published Jan 26, 2017
Tracked Since Feb 18, 2026