CVE-2021-1409

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVSS

No CVSS.

Configurations

No configuration.

Information

Published : 2021-04-08 04:15

Updated : 2021-04-08 11:26


NVD link : CVE-2021-1409

Mitre link : CVE-2021-1409


JSON object : View

Products Affected

No product.

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')