CVE-2018-0201

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.

Severity	MEDIUM
CVSS	5.4
CWE	CWE-79
KEV
Published	8 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco Jabber for Windows	cisco-sa-20180221-jcf1	Cisco OpenVuln
Cisco Jabber for Mac	cisco-sa-20180221-jcf1	Cisco OpenVuln
Cisco Jabber Client Framework (JCF)	cisco-sa-20180221-jcf1	Cisco OpenVuln
Cisco Jabber	cisco-sa-20180221-jcf1	Cisco OpenVuln