CVE-2018-15426

CVE-2018-15426: Cisco Unity Connection Stored Cross-Site Scripting Vulnerability

Vendor Cisco

Product Cisco Unity Connection

Weakness CWE-79 · XSS

Published October 5, 2018

Last update November 26, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Key dates

02Disclosure timeline

October 5, 2018 CVE published

November 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-15426

Related vulnerabilities

04Related CVE

CVE-2026-4069 Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter CVE-2022-1566 Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting CVE-2023-44389 Zope management interface vulnerable to stored cross site scripting via the title property CVE-2025-23679 WordPress FP RSS Category Excluder plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-24635 WordPress Paytm – Donation Plugin plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability