Cisco: >> Prime Collaboration Deployment >> 10.5.0 Security Vulnerabilities
A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Cisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS Score
6.1
EPSS Score
0.009
Published
2024-11-15
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-06-23