cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3532,https://securityvulnerability.io/vulnerability/CVE-2020-3532,Cisco Unified Communications Manager vulnerable to Cross-Site Scripting (XSS) Attacks,"A vulnerability exists in the web-based management interface of various Cisco Unified Communications Manager products, allowing remote attackers to exploit cross-site scripting (XSS). This occurs due to insufficient validation of user-supplied input, enabling attackers to craft deceptive links that, when clicked by users, can execute arbitrary script code or access sensitive browser information within the context of the affected interfaces. Importantly, there are no available workarounds to mitigate this vulnerability, making prompt remediation and awareness crucial for affected users.",Cisco,"Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager Im And Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:54:09.023Z,0
CVE-2024-20310,https://securityvulnerability.io/vulnerability/CVE-2024-20310,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability found in the web management interface of Cisco Unified Communications Manager IM & Presence Service allows an unauthenticated remote attacker to execute Cross-Site Scripting (XSS) attacks. This issue arises due to the failure of the web interface to adequately validate user-supplied input. An attacker can exploit this vulnerability by convincing an authenticated user to click on a specially crafted link, potentially enabling the execution of arbitrary script code within the context of the affected interface or exposing sensitive browser information.",Cisco,"Cisco iOS Xe Software,Cisco Unified Communications Manager Im And Presence Service",6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-06-20T18:15:07.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2023-20259,https://securityvulnerability.io/vulnerability/CVE-2023-20259,Denial of Service Vulnerability in Cisco Unified Communications Products,"A vulnerability exists within an improperly secured API endpoint across various Cisco Unified Communications Products. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request. This could result in excessive CPU utilization, leading to potential delays in call processing and affecting access to the web-based management interface. This API is not meant for device management and its exploitation could result in a denial of service condition. Fortunately, once the attack ceases, the affected devices are designed to recover automatically without needing manual intervention.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Prime Collaboration Deployment",7.5,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20242,https://securityvulnerability.io/vulnerability/CVE-2023-20242,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager,"A vulnerability exists within the web-based management interface of Cisco Unified Communications Manager and its associated services that allows an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This issue arises from insufficient validation of user-supplied input within the interface. Attackers can exploit this weakness by luring an unsuspecting user to click on a malicious link, potentially allowing execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T21:15:00.000Z,0
CVE-2023-20108,https://securityvulnerability.io/vulnerability/CVE-2023-20108,Denial of Service Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability exists in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service, potentially allowing an unauthenticated remote attacker to disrupt service for all users attempting to authenticate. This vulnerability stems from improper validation of user-supplied input. By sending a specially crafted login message, an attacker can trigger an unexpected restart of the authentication service, which leads to a denial of service condition for new users trying to access the system. However, users who were already authenticated prior to the attack are not affected.",Cisco,Cisco Unified Communications Manager IM and Presence Service,7.5,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2022-20786,https://securityvulnerability.io/vulnerability/CVE-2022-20786,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.",Cisco,Cisco Unified Communications Manager Im And Presence Service,5.4,MEDIUM,0.0008399999933317304,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2021-1363,https://securityvulnerability.io/vulnerability/CVE-2021-1363,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.",Cisco,Cisco Unified Communications Manager Im And Presence Service,7.1,HIGH,0.0008399999933317304,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2021-1365,https://securityvulnerability.io/vulnerability/CVE-2021-1365,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.",Cisco,Cisco Unified Communications Manager Im And Presence Service,7.1,HIGH,0.0008399999933317304,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2020-27121,https://securityvulnerability.io/vulnerability/CVE-2020-27121,Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability,"A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.",Cisco,Cisco Unified Communications Manager Im And Presence Service,4.3,MEDIUM,0.0010900000343099236,false,,false,false,true,2024-08-04T17:20:06.000Z,,false,false,,2020-11-06T19:15:00.000Z,0
CVE-2018-0409,https://securityvulnerability.io/vulnerability/CVE-2018-0409,,"A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.",Cisco,"Unified Communications Manager Im & Presence Service (cucm Im&p),Telepresence Video Communication Server (vcs) And Expressway",7.5,HIGH,0.008550000376999378,false,,false,false,false,,,false,false,,2018-08-15T00:00:00.000Z,0
CVE-2018-0396,https://securityvulnerability.io/vulnerability/CVE-2018-0396,,"A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve25985.",Cisco,Cisco Unified Communications Manager Im And Presence Service Unknown,6.1,MEDIUM,0.001610000035725534,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0363,https://securityvulnerability.io/vulnerability/CVE-2018-0363,,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878.",Cisco,Cisco Unified Communications Manager Im & Presence Service Unknown,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2018-06-21T11:00:00.000Z,0
CVE-2018-0328,https://securityvulnerability.io/vulnerability/CVE-2018-0328,,"A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.",Cisco,Cisco Unified Communications Manager And Cisco Unified Presence,6.1,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2018-05-17T03:00:00.000Z,0
CVE-2016-1466,https://securityvulnerability.io/vulnerability/CVE-2016-1466,,"Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072.",Cisco,Unified Communications Manager Im And Presence Service,7.5,HIGH,0.005630000028759241,false,,false,false,false,,,false,false,,2016-08-08T00:00:00.000Z,0
CVE-2015-6310,https://securityvulnerability.io/vulnerability/CVE-2015-6310,,"The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.",Cisco,Unified Communications Manager Im And Presence Service,,,0.0006399999838322401,false,,false,false,false,,,false,false,,2015-10-08T20:00:00.000Z,0
CVE-2015-4294,https://securityvulnerability.io/vulnerability/CVE-2015-4294,,"Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.",Cisco,Unified Communications Manager Im And Presence Service,,,0.0013500000350177288,false,,false,false,false,,,false,false,,2015-08-01T01:00:00.000Z,0
CVE-2015-4222,https://securityvulnerability.io/vulnerability/CVE-2015-4222,,"SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.",Cisco,Unified Communications Manager Im And Presence Service,,,0.0013800000306218863,false,,false,false,false,,,false,false,,2015-06-26T10:00:00.000Z,0
CVE-2015-4221,https://securityvulnerability.io/vulnerability/CVE-2015-4221,,"Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.",Cisco,Unified Communications Manager Im And Presence Service,,,0.0010499999625608325,false,,false,false,false,,,false,false,,2015-06-26T10:00:00.000Z,0
CVE-2015-4220,https://securityvulnerability.io/vulnerability/CVE-2015-4220,,"Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.",Cisco,Unified Presence Server,,,0.0010300000431016088,false,,false,false,false,,,false,false,,2015-06-25T16:00:00.000Z,0
CVE-2014-8000,https://securityvulnerability.io/vulnerability/CVE-2014-8000,,"Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.",Cisco,Unified Communications Manager Im And Presence Service,,,0.005810000002384186,false,,false,false,false,,,false,false,,2014-11-21T02:00:00.000Z,0
CVE-2014-3339,https://securityvulnerability.io/vulnerability/CVE-2014-3339,,"Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.",Cisco,"Unified Communications Domain Manager,Unified Presence Server",,,0.0029800001066178083,false,,false,false,false,,,false,false,,2014-08-12T23:55:00.000Z,0
CVE-2014-3328,https://securityvulnerability.io/vulnerability/CVE-2014-3328,,"The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.",Cisco,Unified Presence Server,,,0.00431999983265996,false,,false,false,false,,,false,false,,2014-07-26T10:00:00.000Z,0
CVE-2013-6983,https://securityvulnerability.io/vulnerability/CVE-2013-6983,,"SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.",Cisco,Unified Presence Server,,,0.003269999986514449,false,,false,false,false,,,false,false,,2013-12-31T11:00:00.000Z,0
CVE-2013-3453,https://securityvulnerability.io/vulnerability/CVE-2013-3453,,"Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.",Cisco,"Unified Communications Manager,Unified Presence",,,0.001610000035725534,false,,false,false,false,,,false,false,,2013-08-22T22:55:00.000Z,0