SB2016062306 - Cross-site scripting attacks in web-based management interface in Cisco Unified Contact Center Enterprise



Published: June 23, 2016 Updated: July 11, 2016

Security Bulletin ID SB2016062306
CSH Severity High
Patch available NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Cross-site scripting attacks in web-based management interface (CVE-ID: CVE-2016-1439)

The vulnerability allows a remote attacker to execute a cross-site scripting attack against a user of the web interface of an affected system.

The vulnerability exists due to insufficient input validation of a user-supplied value. A remote attacker can exploit this vulnerability by persuading a user to click a specially crafted URL that, when loaded by the target user, causes arbitrary script code to be executed in the target user's browser.

Successful exploitation of this vulnerability may give the attacker access to the target user's cookies associated with the site running the Cisco Unified Contact Center Enterprise software, and to data the target user recently submitted to the site via web form.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.