Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability

2018-02-2116:00:00

tools.cisco.com

EPSS

0.001

Percentile

34.7%

JSON

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.

The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf1 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf1”]

Affected configurations

Vulners

Node

ciscocisco_jabber_for_windowsMatchany

ciscocisco_jabber_for_macMatchany

ciscocisco_jabber_for_windowsMatchany

ciscocisco_jabber_for_macMatchany

VendorProductVersionCPE
ciscocisco_jabber_for_windowsanycpe:2.3:a:cisco:cisco_jabber_for_windows:any:*:*:*:*:*:*:*
ciscocisco_jabber_for_macanycpe:2.3:a:cisco:cisco_jabber_for_mac:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_jabber_for_windows	any	cpe:2.3:a:cisco:cisco_jabber_for_windows:any:::::::*
cisco	cisco_jabber_for_mac	any	cpe:2.3:a:cisco:cisco_jabber_for_mac:any:::::::*