A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.

The vulnerability is due to insufficient XSS protections.

An attacker could exploit this vulnerability by persuading a user of an affected system to follow a malicious link.

Cisco has not released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic
A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.

The vulnerability is due to insufficient XSS protections.

An attacker could exploit this vulnerability by persuading a user of an affected system to follow a malicious link.

Cisco has not released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic

Security Impact Rating: Medium

CVE: CVE-2016-1375