Cisco IP Phone 8800 Series are prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary script code within the context of the affected application.
This issue is tracked by Cisco Bug ID CSCvm95999.
Information
Exploit
To launch an attack, an attacker must entice a victim into viewing a malicious website.
References: