Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su2_es05:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20096 |
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface. Published: April 05, 2023; 3:15:07 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-1463 |
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Published: April 08, 2021; 12:15:13 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |