Medium severity6.1NVD Advisory· Published Sep 7, 2017· Updated May 13, 2026

CVE-2017-12212

Description

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345.

Affected products

Cisco Systems, Inc./Unity Connection
cpe:2.3:a:cisco:unity_connection:10.5\(2\):*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100645nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039277nvdThird Party AdvisoryVDB Entry
quickview.cloudapps.cisco.com/quickview/bug/CSCvf25345nvdVendor Advisory
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cucnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000