N/A

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Cisco Unified Intelligence Center 跨站脚本漏洞

Cisco Unified Intelligence Center是美国思科（Cisco）公司的一套基于Web的报表平台。该平台提供报告相关的业务数据和呼叫中心数据的全面展示等功能。 Cisco Unified Intelligence Center中的Web界面存在跨站脚本漏洞，该漏洞源于程序没有充分的对传递到Web服务器的参数执行输入验证。远程攻击者可通过诱使用户访问恶意的链接或拦截用户请求并注入恶意的代码利用该漏洞在受影响网站的上下文中执行任意代码或访问基于浏览器的敏感信息。

N/A

N/A