CVE-2015-0749 | Date: (C)2020-02-19 (M)2023-12-22 |
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 6.1 | CVSS Score : 4.3 |
Exploit Score: 2.8 | Exploit Score: 8.6 |
Impact Score: 2.7 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: MEDIUM |
Privileges Required: NONE | Authentication: NONE |
User Interaction: REQUIRED | Confidentiality: NONE |
Scope: CHANGED | Integrity: PARTIAL |
Confidentiality: LOW | Availability: NONE |
Integrity: LOW | |
Availability: NONE | |
| |