CVE-2018-0386 vulnerability in Cisco Products
Published on August 15, 2018
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2018-0386 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2018-0386
stack.watch emails you whenever new vulnerabilities are published in Cisco Hosted Collaboration Solution or Cisco Unified Communications Domain Manager. Just hit a watch button to start following.
Affected Versions
Cisco Systems, Inc. Unified Communications Domain Manager Software Version unspecified is affected by CVE-2018-0386Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.