🚨 SEVERITY: MEDIUM — CVSS 6.1 Security Advisory

TL;DR 📌

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service. This flaw could allow an unauthenticated remote attacker to execute arbitrary script code, potentially compromising sensitive information. Cisco has released fixed software versions, and there are no workarounds available.

What happened 🕵️‍♂️

The web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) does not properly validate user-supplied input, which enables an attacker to conduct a cross-site scripting (XSS) attack. By persuading a user to click on a malicious link, an attacker could execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.