TL;DR
A stored cross-site scripting (XSS) vulnerability has been identified in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability allows an authenticated remote attacker to execute arbitrary script code, potentially accessing sensitive information. Cisco has released fixed software updates, but no workarounds are available.
What happened
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated attacker to conduct a cross-site scripting (XSS) attack. This occurs because the interface fails to properly validate user input, enabling the injection of malicious code. Successful exploitation could lead to the execution of arbitrary scripts in the context of the affected interface, compromising sensitive, browser-based information.