Cisco says the bugs allow an attacker to "execute arbitrary programs on the underlying operating system with elevated privileges or gain access to sensitive information". Customers have no other option but to install the latest updates to prevent attacks. Norwegian security outfit Watchcom found earlier this year that Jabber was vulnerable to cross-site scripting (XSS) through XHTML-IM messages. Jabber did not properly sanitize incoming HTML messages and instead passed them through a faulty XSS filter. Cisco notes that the new message-handling vulnerabilities can be exploited if an attacker can send Extensible Messaging and Presence Protocol (XMPP) messages to end-user systems running Cisco Jabber.
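For contrast with a filter that tries to strip known-bad markup from incoming XHTML-IM, the sketch below rebuilds the message from an allowlist, so anything unrecognized never reaches the renderer. It is an added example, not Cisco's code and not a description of the flaw in Jabber's filter, which the article does not detail; the allowlist, the permitted link schemes and the function names are assumptions.

```python
# Added example: allowlist sanitizer for an XHTML-IM <body/> payload.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XHTML_NS = "http://www.w3.org/1999/xhtml"
# Assumed allowlist for this sketch: element name -> permitted attributes.
ALLOWED = {name: set() for name in
           ("body", "p", "br", "span", "em", "strong", "blockquote", "ul", "ol", "li")}
ALLOWED["a"] = {"href"}
SAFE_SCHEMES = {"http", "https", "mailto", "xmpp"}  # assumed link schemes


def _safe_url(value):
    """True only for absolute URLs whose scheme is explicitly allowed."""
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # e.g. malformed IPv6 literal
        return False


def _clean(src):
    """Rebuild src from allowed parts only; None means drop the whole subtree."""
    ns, _, name = src.tag.rpartition("}")
    if ns != "{" + XHTML_NS or name not in ALLOWED:
        return None
    out = ET.Element(name)
    out.text = src.text
    for attr, value in src.attrib.items():
        # The only allowlisted attribute (href) is a URL, so check its scheme.
        if attr in ALLOWED[name] and _safe_url(value):
            out.set(attr, value.strip())
    for child in src:
        kept = _clean(child)
        if kept is not None:
            kept.tail = child.tail
            out.append(kept)
        elif len(out):  # dropped element: keep only the text that followed it
            out[-1].tail = (out[-1].tail or "") + (child.tail or "")
        else:
            out.text = (out.text or "") + (child.tail or "")
    return out


def sanitize_xhtml_im(payload):
    """Return sanitized markup, or None so the caller shows the plain-text body."""
    if "<!" in payload:  # no DTDs, entities, comments or CDATA: reject outright
        return None
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:  # not well-formed XML
        return None
    cleaned = _clean(root) if root.tag == "{%s}body" % XHTML_NS else None
    return None if cleaned is None else ET.tostring(cleaned, encoding="unicode")
```

Because the output is serialized from a freshly built tree, event-handler attributes, unknown elements and non-allowlisted URL schemes are absent by construction rather than by pattern matching on the input.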