Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Unified Communications Manager 输入验证错误漏洞
Vulnerability Description
Cisco Unified Communications Manager(CUCM,Unified CM,CallManager)是美国思科(Cisco)公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。 Cisco Unified CM中的Web UI存在输入验证漏洞,该漏洞源于程序没有充分的保护HTML iframes。远程攻击者可通过诱使用户导航到被攻击者控制并包含有恶意HTML iframe的网站利用该漏洞实施点击劫持攻击或其他针对客户端
CVSS Information
N/A
Vulnerability Type
N/A