A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack.

The vulnerability is due to insufficient input validation of user-submitted content.

An attacker could exploit this vulnerability by disguising embedded, malicious HTML in the affected web page and persuading the user to access a page that uses variables to express the malicious HTML.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cucdm

Security Impact Rating: Medium

CVE: CVE-2016-1354