CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15434

A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2018-15434

Cisco » Unified Ip Phones 7906g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7906g:*
Cisco » Unified Ip Phones 7911g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7911g:*
Cisco » Unified Ip Phones 7912g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7912g:*
Cisco » Unified Ip Phones 7920 Multi-Charger » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7920_multi-charger:*
Cisco » Unified Ip Phones 7921g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7921g:*
Cisco » Unified Ip Phones 7925g-Ex » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7925g-ex:*
Cisco » Unified Ip Phones 7925g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7925g:*
Cisco » Unified Ip Phones 7926g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7926g:*
Cisco » Unified Ip Phones 7931g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7931g:*
Cisco » Unified Ip Phones 7940g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7940g:*
Cisco » Unified Ip Phones 7941g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7941g:*
Cisco » Unified Ip Phones 7942g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7942g:*
Cisco » Unified Ip Phones 7945g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7945g:*
Cisco » Unified Ip Phones 7960g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7960g:*
Cisco » Unified Ip Phones 7961g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7961g:*
Cisco » Unified Ip Phones 7962g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7962g:*
Cisco » Unified Ip Phones 7965g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7965g:*
Cisco » Unified Ip Phones 7975g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_7975g:*
Cisco » Unified Ip Phones Conference Station 7936 » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_conference_station_7936:*
Cisco » Unified Ip Phones Conference Station 7937g » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_conference_station_7937g:*
Cisco » Unified Ip Phones Expansion Module 7915 » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_expansion_module_7915:*
Cisco » Unified Ip Phones Expansion Module 7916 » Version: Any

cpe:2.3:h:cisco:unified_ip_phones_expansion_module_7916:*
Cisco » Skinny Client Control Protocol Software » Version: 9.4(2)

cpe:2.3:o:cisco:skinny_client_control_protocol_software:9.4(2)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15434

Products

Pricing

Contact Us