cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3532,https://securityvulnerability.io/vulnerability/CVE-2020-3532,Cisco Unified Communications Manager vulnerable to Cross-Site Scripting (XSS) Attacks,"A vulnerability exists in the web-based management interface of various Cisco Unified Communications Manager products, allowing remote attackers to exploit cross-site scripting (XSS). This occurs due to insufficient validation of user-supplied input, enabling attackers to craft deceptive links that, when clicked by users, can execute arbitrary script code or access sensitive browser information within the context of the affected interfaces. Importantly, there are no available workarounds to mitigate this vulnerability, making prompt remediation and awareness crucial for affected users.",Cisco,"Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager Im And Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:54:09.023Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2024-20305,https://securityvulnerability.io/vulnerability/CVE-2024-20305,Cross-Site Scripting Vulnerability in Cisco Unity Connection Management Interface,"A vulnerability exists in the web-based management interface of Cisco Unity Connection, allowing authenticated remote attackers to conduct cross-site scripting (XSS) attacks. This vulnerability arises from insufficient validation of user-supplied input. Attackers could exploit this flaw by convincing users to click on specially crafted links, which may enable the execution of arbitrary script code in the context of the affected interface as well as access to sensitive information stored in the user's browser.",Cisco,Cisco Unity Connection,4.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-01-26T17:26:40.015Z,0
CVE-2024-20272,https://securityvulnerability.io/vulnerability/CVE-2024-20272,Cisco Unity Connection Vulnerability Allows Unauthorized File Upload and Command Execution,"A vulnerability exists in the web-based management interface of Cisco Unity Connection, allowing remote attackers without authentication to upload arbitrary files to the system. This issue arises due to inadequate authentication on a specific API and improper validation of user-supplied data. By exploiting this vulnerability, an attacker can upload malicious files to the system, potentially executing arbitrary commands on the operating system and gaining elevated privileges. Organizations using affected versions of Cisco Unity Connection must take proactive measures to secure their systems against such risks.",Cisco,Cisco Unity Connection,9.8,CRITICAL,0.001449999981559813,false,,true,false,false,,,false,false,,2024-01-17T16:54:49.321Z,0
CVE-2023-20259,https://securityvulnerability.io/vulnerability/CVE-2023-20259,Denial of Service Vulnerability in Cisco Unified Communications Products,"A vulnerability exists within an improperly secured API endpoint across various Cisco Unified Communications Products. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request. This could result in excessive CPU utilization, leading to potential delays in call processing and affecting access to the web-based management interface. This API is not meant for device management and its exploitation could result in a denial of service condition. Fortunately, once the attack ceases, the affected devices are designed to recover automatically without needing manual intervention.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Prime Collaboration Deployment",7.5,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20266,https://securityvulnerability.io/vulnerability/CVE-2023-20266,Privilege Escalation Vulnerability in Cisco Unified Communications Products,"A security flaw exists in Cisco Emergency Responder and related Unified Communications products, allowing an authenticated remote attacker to gain root privileges. This vulnerability arises due to inadequate restrictions on the upgrade files utilized by the application. An attacker with valid platform administrator credentials could exploit this weakness by deploying a specially crafted upgrade file, thereby elevating their access rights and compromising the affected device's integrity.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager",7.2,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-20211,https://securityvulnerability.io/vulnerability/CVE-2023-20211,SQL Injection Vulnerability in Cisco Unified Communications Manager Products,"A vulnerability exists in the web-based management interface of Cisco's Unified Communications Manager and Session Management Edition. This flaw arises from inadequate validation of user inputs, allowing an authenticated attacker with read-only or higher privileges to execute SQL injection attacks. By crafting malicious HTTP requests, the attacker could manipulate or retrieve sensitive data from the database, posing significant risks to data integrity and confidentiality.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager / Cisco Unity Connection",8.8,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20242,https://securityvulnerability.io/vulnerability/CVE-2023-20242,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager,"A vulnerability exists within the web-based management interface of Cisco Unified Communications Manager and its associated services that allows an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This issue arises from insufficient validation of user-supplied input within the interface. Attackers can exploit this weakness by luring an unsuspecting user to click on a malicious link, potentially allowing execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T21:15:00.000Z,0
CVE-2023-20116,https://securityvulnerability.io/vulnerability/CVE-2023-20116,Denial of Service Vulnerability in Cisco Unified Communications Manager,"A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition can be exploited by authenticated, remote attackers. Due to inadequate validation of user-supplied input in the Self Care Portal's web UI, attackers could send specially crafted HTTP requests to the affected devices. If successfully exploited, this could lead to a denial of service condition, disrupting the functionality of the affected communication systems.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager / Cisco Unity Connection",5.7,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2022-20800,https://securityvulnerability.io/vulnerability/CVE-2022-20800,Cisco Unified Communications Products Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2021-34701,https://securityvulnerability.io/vulnerability/CVE-2021-34701,Cisco Unified Communications Products Path Traversal Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.",Cisco,Cisco Unity Connection,4.3,MEDIUM,0.0008999999845400453,false,,false,false,true,2024-08-04T02:15:20.000Z,,false,false,,2021-11-04T16:15:00.000Z,0
CVE-2021-1407,https://securityvulnerability.io/vulnerability/CVE-2021-1407,Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:54.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1409,https://securityvulnerability.io/vulnerability/CVE-2021-1409,Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:54.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1408,https://securityvulnerability.io/vulnerability/CVE-2021-1408,Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:54.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1380,https://securityvulnerability.io/vulnerability/CVE-2021-1380,Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:53.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1362,https://securityvulnerability.io/vulnerability/CVE-2021-1362,Cisco Unified Communications Products Remote Code Execution Vulnerability,"A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",Cisco,Cisco Unity Connection,8.8,HIGH,0.002589999930933118,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2019-15963,https://securityvulnerability.io/vulnerability/CVE-2019-15963,Cisco Unified Communications Manager Information Disclosure Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",Cisco,Cisco Unity Connection,4.3,MEDIUM,0.001500000013038516,false,,false,false,true,2024-08-05T02:15:45.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2020-3130,https://securityvulnerability.io/vulnerability/CVE-2020-3130,Cisco Unity Connection Directory Traversal Vulnerability,A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.,Cisco,Cisco Unity Connection,5.9,MEDIUM,0.001129999989643693,false,,false,false,true,2024-08-04T08:16:25.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2020-3282,https://securityvulnerability.io/vulnerability/CVE-2020-3282,Cisco Unified Communications Products Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-04T08:16:33.000Z,,false,false,,2020-07-02T13:15:00.000Z,0
CVE-2020-3129,https://securityvulnerability.io/vulnerability/CVE-2020-3129,Cisco Unity Connection Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element.",Cisco,Cisco Unity Connection,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-04T08:16:25.000Z,,false,false,,2020-01-26T05:15:00.000Z,0
CVE-2019-15986,https://securityvulnerability.io/vulnerability/CVE-2019-15986,Cisco Unity Express Command Injection Vulnerability,"A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.",Cisco,Cisco Unity Express,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-05T02:15:46.000Z,,false,false,,2019-11-26T04:15:00.000Z,0
CVE-2019-12707,https://securityvulnerability.io/vulnerability/CVE-2019-12707,Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability,"A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-09-17T02:15:52.000Z,,false,false,,2019-10-02T00:00:00.000Z,0
CVE-2019-1685,https://securityvulnerability.io/vulnerability/CVE-2019-1685,Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability,"A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 12.5 is affected.",Cisco,Cisco Unity Connection,6.1,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-04T19:16:04.000Z,,false,false,,2019-02-21T20:29:00.000Z,0
CVE-2018-15381,https://securityvulnerability.io/vulnerability/CVE-2018-15381,Cisco Unity Express Arbitrary Command Execution Vulnerability,"A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",Cisco,Cisco Unity Express,9.8,CRITICAL,0.5195299983024597,false,,false,false,true,2024-08-05T10:17:49.000Z,,false,false,,2018-11-08T16:29:00.000Z,0
CVE-2018-15426,https://securityvulnerability.io/vulnerability/CVE-2018-15426,Cisco Unity Connection Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Unity Connection,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0