Test ID:	1.3.6.1.4.1.25623.1.0.803167
Category:	CISCO
Title:	Cisco Unity Express Multiple XSS and CSRF Vulnerabilities (Cisco-SA-20130201-CVE-2013-1114, Cisco-SA-20130201-CVE-2013-1120) - Active Check
Summary:	Cisco Unity Express is prone to multiple cross-site scripting; (XSS) and cross-site request forgery (CSRF) vulnerabilities.
Description:	Summary: Cisco Unity Express is prone to multiple cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2013-1114: Multiple cross-site scripting (XSS) - CVE-2013-1120: Multiple cross-site request forgery (CSRF) Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site and perform certain actions when a logged-in user visits a specially crafted web page. Affected Software/OS: Cisco Unity Express prior to version 8.0. Solution: Update to version 8.0 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1114 Cisco Security Advisory: 20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114 Common Vulnerability Exposure (CVE) ID: CVE-2013-1120 Cisco Security Advisory: 20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.