cpe:/a:cisco:unified_communications_manager:12.0%280.98000.452%29 CVE-2017-3888 2017-04-07T13:59:00.480-04:00 2017-07-11T21:29:17.380-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1038193 BID 97431 CONFIRM https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1 A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).