OR
     *cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* versions from (including) 14.0 up to (excluding) 14su2
     *cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* versions from (including) 14.0 up to (excluding) 14su2
     *cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:* versions from (including) 11.5\(1\) up to (excluding) 11.5\(1\)su11
     *cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:* versions from (including) 12.5\(1\) up to (excluding) 12.5\(1\)su6
     *cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:* versions from (including) 14.0 up to (excluding) 14.0su2

NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Victim must voluntarily interact with attack mechanism

NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

NIST CWE-79

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA No Types Assigned

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA Vendor Advisory