Home

CVE-2018-0201

Description

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.235

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-0199,CVE-2018-0201 are affected in Cisco Jabber 11.9Windows
Multiple Vulnerabilities are affected in Cisco Jabber 11.9(.0)Windows
Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability For Cisco Jabber for MacNCM
Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability For Cisco Jabber for WindowsNCM
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2018-0201)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705811Security Update for Cisco Jabber for Windows 11.6(1.38147)
PATCH-350863Cisco Jabber (15.1.1) (Manual Upload Required)
PATCH-350863Cisco Jabber (15.1.1) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234