First published: Thu Feb 22 2018(Updated: )
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Jabber | =11.9 | |
Cisco Jabber | =11.9\(0\) | |
Cisco Jabber |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0199 is a vulnerability in Cisco Jabber Client Framework (JCF) that allows an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
CVE-2018-0199 affects Cisco Jabber versions 11.9 on Windows and Mac OS X.
The severity of CVE-2018-0199 is medium with a CVSS score of 6.1.
An attacker can exploit CVE-2018-0199 by injecting malicious scripts into a web page viewed by a user of an affected device.
Yes, you can find more information about CVE-2018-0199 at the following references: [1] http://www.securityfocus.com/bid/103143 [2] http://www.securitytracker.com/id/1040407 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf