Unified Communications Manager Im And Presence Service
CVE-2015-4294
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.
AnalysisAI
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Affected products include: Cisco Unified Communications Manager Im And Presence Service. Version information: before 10.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that a
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenti
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified C
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (for
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence
A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service coul
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) S
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today