Vulnslist

find the latest Cisco vulnerabilities

Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability

cisco-sa-20180221-jcf1 · Medium · Published · Updated

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf1

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-0201
Cisco Bug IDsCSCve54001
CVSS ScoreBase 4.6
Base 4.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Jabber for Windows, Cisco Jabber for Mac

Related Products

Product CVE Evidence
Cisco Jabber for Windows CVE-2018-0201 Cisco OpenVuln
Cisco Jabber for Mac CVE-2018-0201 Cisco OpenVuln
Cisco Jabber Client Framework (JCF) CVE-2018-0201 Cisco OpenVuln
Cisco Jabber CVE-2018-0201 Cisco OpenVuln