CVE-2024-20305
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Jan 26, 2024
Updated: Feb 15, 2024
CWE ID 79
Summary
CVE-2024-20305 is a newly disclosed vulnerability affecting the web-based management interface of Cisco Unity Connection. This issue permits authenticated, remote attackers to execute cross-site scripting (XSS) attacks against users of the interface. The root cause is the interface's failure to adequately validate user-supplied input. An attacker can trick a user into clicking a malicious link, leading to the execution of arbitrary script code within the affected interface or the potential access to sensitive browser-based information.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Cisco Unity Connection
Affected Vendors
- Cisco Systems Inc