CVE-2024-20310

CVSS v3 Score: 6.1 (Medium)

Vulnerability Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

CVSS: 6.0 (Medium)

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAna...

CWE-23, 2024

CVSS: 6.3 (Medium)

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The...

CWE-23, 2020

CVSS: 6.3 (Medium)

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the `app_name` ...

CWE-23, 2024

CVSS: 5.8 (Medium)

Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.

CWE-23, 2023

CVSS: 5.7 (Medium)

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

CWE-23, 2018

CVSS: 6.5 (Medium)

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

CWE-23, 2018