Cisco » Unified Web And E-mail Interaction Manager : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.
Max CVSS
4.3
EPSS Score
0.19%
Published
2015-12-14
Updated
2016-12-07
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.
Max CVSS
4.3
EPSS Score
0.11%
Published
2015-08-19
Updated
2017-01-04
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046.
Max CVSS
5.5
EPSS Score
0.18%
Published
2015-08-19
Updated
2016-12-28
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.
Max CVSS
6.5
EPSS Score
0.26%
Published
2015-08-19
Updated
2016-12-28
SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.
Max CVSS
6.8
EPSS Score
0.16%
Published
2015-05-29
Updated
2017-01-04
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.
Max CVSS
4.3
EPSS Score
0.19%
Published
2015-02-28
Updated
2015-11-02
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.
Max CVSS
6.8
EPSS Score
0.35%
Published
2014-05-20
Updated
2014-05-20
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.
Max CVSS
4.3
EPSS Score
0.15%
Published
2014-05-20
Updated
2014-05-20
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-05-20
Updated
2015-09-16
9 vulnerabilities found