How severe is CVE-2018-0444?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2018-0444?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2018-0444 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

Related Vulnerabilities

CVE-2016-10865

MEDIUM

CVSS:6.1(Medium)

The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.

CWE-3522016

CVE-2016-11084

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.

CWE-3522016

CVE-2016-6158

MEDIUM

CVSS:6.1(Medium)

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators...

CWE-3522016

CVE-2016-6642

MEDIUM

CVSS:6.1(Medium)

Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.

CWE-3522016

CVE-2018-1432

MEDIUM

CVSS:6.1(Medium)

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML...

CWE-3522018

CVE-2019-18677

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to inc...

CWE-3522019