Описание
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
EPSS
4.6 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information.
Уязвимость программной платформы Cisco Jabber Client Framework, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный JavaScript-сценарий
EPSS
4.6 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2