Patches not yet ready
16 Feb 2016 at 03:03, Richard Chirgwin Cisco is warning customers of a couple of new medium-level security vulnerabilities.
The first is a bug in Cisco's Emergency Responder (CER) software, part of the company's Unified Communications System.
CER is a purpose-built module for emergency services customers, feeding the location of phones making incoming calls to the emergency service, and automatically tracking when the caller moves from one location to the other.
CER's Web framework code doesn't properly validate input parameters passed to the Web server, and that opens up the system to a cross-site scripting (XSS) attack.
Full Article