Medium severity5.4NVD Advisory· Published Oct 5, 2017· Updated Jun 17, 2026
CVE-2017-12269
CVE-2017-12269
Description
A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cisco:spark:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:spark:-:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/101150nvdThird Party AdvisoryVDB Entry
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprknvdVendor Advisory
News mentions
0No linked articles in our index yet.