cisco-sa-20160302-cucdm

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could exploit this vulnerability by disguising embedded, malicious HTML in the affected web page and persuading the user to access a page that uses variables to express the malicious HTML. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.