A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site

CISCO

02-07-2025 19:35

CVE-2025-20310 Vulnerabilidad documentada

Sin puntuación

Tags

#xss

#site

#exploit

#cross

#web

#form

#cross-site

#cisco

#vulnerability

#browser

#cross-site scripting

#affected

#authenticated

#arbitrary

#scripting

#remote

#execute

#allow

#attack

#access

#affect

Descripción

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against user interface. This exists because does not properly validate user-supplied input. An exploit this by persuading interface click crafted link. A successful execute arbitrary script code context affected or access sensitive, browser-based information. To successfully vulnerability, would need valid agent credentials.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-20310

Resultados similares

Coincidentes en almenos en 50% de los tags

02-07-2025 CVE-2025-20309
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communic...
Ver información

02-07-2025 CVE-2025-20308
A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to eleva...
Ver información