Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P). This vulnerability allows an unauthenticated, remote attacker to conduct an XSS attack against users of the interface. The issue arises because the management interface fails to properly validate user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive browser-based information.

Impact

Exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, executing arbitrary script code in the context of the user's interface or accessing sensitive browser-based information.

Remediation

Cisco has released software updates to address this vulnerability. Users are advised to consult the Cisco Security Advisories page for information on fixed releases and upgrade instructions.