How severe is CVE-2021-1409?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2021-1409?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2021-1409 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Related Vulnerabilities

CVE-2021-1380

MEDIUM

CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1407

MEDIUM

CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2021-1408

MEDIUM

CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P...

CWE-892021

CVE-2022-29652

MEDIUM

CVSS:6.1(Medium)

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.

CWE-892022

CVE-2023-29459

MEDIUM

CVSS:6.1(Medium)

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this ...

CWE-892023

CVE-2023-32115

MEDIUM

CVSS:6.1(Medium)

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

CWE-892023