cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3532,https://securityvulnerability.io/vulnerability/CVE-2020-3532,Cisco Unified Communications Manager vulnerable to Cross-Site Scripting (XSS) Attacks,"A vulnerability exists in the web-based management interface of various Cisco Unified Communications Manager products, allowing remote attackers to exploit cross-site scripting (XSS). This occurs due to insufficient validation of user-supplied input, enabling attackers to craft deceptive links that, when clicked by users, can execute arbitrary script code or access sensitive browser information within the context of the affected interfaces. Importantly, there are no available workarounds to mitigate this vulnerability, making prompt remediation and awareness crucial for affected users.",Cisco,"Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager Im And Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:54:09.023Z,0
CVE-2024-20310,https://securityvulnerability.io/vulnerability/CVE-2024-20310,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability found in the web management interface of Cisco Unified Communications Manager IM & Presence Service allows an unauthenticated remote attacker to execute Cross-Site Scripting (XSS) attacks. This issue arises due to the failure of the web interface to adequately validate user-supplied input. An attacker can exploit this vulnerability by convincing an authenticated user to click on a specially crafted link, potentially enabling the execution of arbitrary script code within the context of the affected interface or exposing sensitive browser information.",Cisco,"Cisco iOS Xe Software,Cisco Unified Communications Manager Im And Presence Service",6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-06-20T18:15:07.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2023-20259,https://securityvulnerability.io/vulnerability/CVE-2023-20259,Denial of Service Vulnerability in Cisco Unified Communications Products,"A vulnerability exists within an improperly secured API endpoint across various Cisco Unified Communications Products. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request. This could result in excessive CPU utilization, leading to potential delays in call processing and affecting access to the web-based management interface. This API is not meant for device management and its exploitation could result in a denial of service condition. Fortunately, once the attack ceases, the affected devices are designed to recover automatically without needing manual intervention.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Prime Collaboration Deployment",7.5,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20242,https://securityvulnerability.io/vulnerability/CVE-2023-20242,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager,"A vulnerability exists within the web-based management interface of Cisco Unified Communications Manager and its associated services that allows an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This issue arises from insufficient validation of user-supplied input within the interface. Attackers can exploit this weakness by luring an unsuspecting user to click on a malicious link, potentially allowing execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T21:15:00.000Z,0
CVE-2023-20108,https://securityvulnerability.io/vulnerability/CVE-2023-20108,Denial of Service Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability exists in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service, potentially allowing an unauthenticated remote attacker to disrupt service for all users attempting to authenticate. This vulnerability stems from improper validation of user-supplied input. By sending a specially crafted login message, an attacker can trigger an unexpected restart of the authentication service, which leads to a denial of service condition for new users trying to access the system. However, users who were already authenticated prior to the attack are not affected.",Cisco,Cisco Unified Communications Manager IM and Presence Service,7.5,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2022-20786,https://securityvulnerability.io/vulnerability/CVE-2022-20786,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.",Cisco,Cisco Unified Communications Manager Im And Presence Service,5.4,MEDIUM,0.0008399999933317304,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2021-1365,https://securityvulnerability.io/vulnerability/CVE-2021-1365,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.",Cisco,Cisco Unified Communications Manager Im And Presence Service,7.1,HIGH,0.0008399999933317304,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2021-1363,https://securityvulnerability.io/vulnerability/CVE-2021-1363,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.",Cisco,Cisco Unified Communications Manager Im And Presence Service,7.1,HIGH,0.0008399999933317304,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2020-27121,https://securityvulnerability.io/vulnerability/CVE-2020-27121,Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability,"A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.",Cisco,Cisco Unified Communications Manager Im And Presence Service,4.3,MEDIUM,0.0010900000343099236,false,,false,false,true,2024-08-04T17:20:06.000Z,,false,false,,2020-11-06T19:15:00.000Z,0
CVE-2018-0396,https://securityvulnerability.io/vulnerability/CVE-2018-0396,,"A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve25985.",Cisco,Cisco Unified Communications Manager Im And Presence Service Unknown,6.1,MEDIUM,0.001610000035725534,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0363,https://securityvulnerability.io/vulnerability/CVE-2018-0363,,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878.",Cisco,Cisco Unified Communications Manager Im & Presence Service Unknown,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2018-06-21T11:00:00.000Z,0
CVE-2018-0328,https://securityvulnerability.io/vulnerability/CVE-2018-0328,,"A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.",Cisco,Cisco Unified Communications Manager And Cisco Unified Presence,6.1,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2018-05-17T03:00:00.000Z,0