Vulnerability Description
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Jabber | 11.9 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103133Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040406Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/103133Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040406Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0201?
CVE-2018-0201 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerabil...
How severe is CVE-2018-0201?
CVE-2018-0201 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0201?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Jabber.