Cisco – Cross Site Scripting in Cisco Costumer Voice Portal

Advisory ID


Vulnerability Information

Due to insufficient input validation of a parameter in multiple pages used by the web interface of Cisco Unified Voice Portal versions 9.0 (1) and 10.0 (1), an unauthenticated user could cause a Cross Site Scripting attack against the user of a web interface.  For more information on the affected versions, CVE-2014-3325 was assigned for this bug.

Release Date



SIP (Session Initiation Protocol) is a protocol used for the initiation, modification and termination of voice and video calls through IP networks. This protocol is implemented in multiple Cisco systems products such as routers, switches and Firewalls.



The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources



Common Vulnerabilities and Exposures (CVE)

Cisco Security Advisory