CVE-2019-1685 MEDIUM

CVE-2019-1685: Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco Unity Connection
Weakness CWE-79 · XSS
Published February 21, 2019
Last update November 21, 2024
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 12.5 is affected.

Key dates

02Disclosure timeline

February 21, 2019 CVE published
November 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-31937 WordPress TWIPLA (Visitor Analytics IO) plugin <= 1.2.0 - Cross-Site Scripting (XSS) vulnerability CVE-2025-7363 TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function CVE-2025-22781 WordPress Nativery Plugin plugin <= 0.1.6 - Cross Site Scripting (XSS) vulnerability CVE-2024-9213 Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting CVE-2021-24710 Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting