cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20405,https://securityvulnerability.io/vulnerability/CVE-2024-20405,Stored XSS Vulnerability in Cisco Finesse Web Management Interface,"A vulnerability in the web-based management interface of Cisco Finesse allows unauthorized, remote attackers to perform stored XSS attacks. This issue arises from insufficient validation of user-supplied input in specific HTTP requests directed to the affected device. Attackers can exploit this vulnerability by convincing users to interact with a malicious link, which could result in executing arbitrary script code in the context of the affected interface. Such an attack might lead to the exposure of sensitive information stored on the device.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Finesse,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-06-07T18:15:04.000Z,,false,false,,2024-06-05T17:15:00.000Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2023-20058,https://securityvulnerability.io/vulnerability/CVE-2023-20058,Reflected Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center allows an unauthenticated remote attacker to execute a reflected cross-site scripting (XSS) attack. This issue arises due to improper validation of user-supplied input, enabling attackers to craft malicious links that, when clicked by a user, can lead to the execution of arbitrary script code within the affected interface. Such exploitation can potentially access sensitive browser-based information, posing significant risks to users.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Unified Intelligence Center,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2018-0444,https://securityvulnerability.io/vulnerability/CVE-2018-0444,Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",Cisco,Cisco Packaged Contact Center Enterprise,6.1,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-0445,https://securityvulnerability.io/vulnerability/CVE-2018-0445,Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.",Cisco,Cisco Packaged Contact Center Enterprise,8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0