MEDIUM 6.1 Published on 2016-02-06

CVE-2016-1311

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS 0.3% percentile 48.3%

Affected tracked apps

Guest Access

com.cisco.jabberGuest

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
cisco	jabber_guest	iOS	—	cpe:2.3:a:cisco:jabber_guest:10.6.8:::::::*

View on NVD ↗