Description
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Cisco / Cisco Packaged Contact Center Enterprise11.6(1) – 11.6(1)
- Cisco / Cisco Packaged Contact Center Enterprise12.6(1) – 12.6(1)
- Cisco / Cisco Packaged Contact Center Enterprise12.5(2) – 12.5(2)
- Cisco / Cisco Packaged Contact Center Enterprise12.5(1) – 12.5(1)
- Cisco / Cisco Packaged Contact Center Enterprise12.0(1) – 12.0(1)
- Cisco / Cisco Packaged Contact Center Enterprise11.6(2) – 11.6(2)
- Cisco / Cisco Unified Contact Center EnterpriseN/A – N/A
- Cisco / Cisco Unified Contact Center Express11.6(2) – 11.6(2)
- Cisco / Cisco Unified Contact Center Express11.6(1) – 11.6(1)
- Cisco / Cisco Unified Contact Center Express12.5(1)SU2 – 12.5(1)SU2
- Cisco / Cisco Unified Contact Center Express12.5(1)SU1 – 12.5(1)SU1
- Cisco / Cisco Unified Contact Center Express12.5(1) – 12.5(1)
- Cisco / Cisco Unified Contact Center Express12.0(1) – 12.0(1)
- Cisco / Cisco Unified Contact Center Express11.0(1)SU1 – 11.0(1)SU1
- Cisco / Cisco Unified Intelligence Center12.6(1) – 12.6(1)
- Cisco / Cisco Unified Intelligence Center11.0(1) – 11.0(1)
- Cisco / Cisco Unified Intelligence Center11.5(1) – 11.5(1)
- Cisco / Cisco Unified Intelligence Center11.6(1) – 11.6(1)
- Cisco / Cisco Unified Intelligence Center12.0(1) – 12.0(1)
- Cisco / Cisco Unified Intelligence Center12.5(1) – 12.5(1)
- Cisco / Cisco Unified Intelligence Center12.5(1)SU – 12.5(1)SU