Vulnerability Description
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Jabber | 11.9 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103143Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040407Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/103143Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040407Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0199?
CVE-2018-0199 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerab...
How severe is CVE-2018-0199?
CVE-2018-0199 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0199?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Jabber.