CVE-2015-4272 - Transmontane Cockfight
Description
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter aka Bug ID CSCut19580.
Reference
http://tools.cisco.com/security/center/viewAlert.x?alertId=39905 http://www.securitytracker.com/id/1032888