cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20405,https://securityvulnerability.io/vulnerability/CVE-2024-20405,Stored XSS Vulnerability in Cisco Finesse Web Management Interface,"A vulnerability in the web-based management interface of Cisco Finesse allows unauthorized, remote attackers to perform stored XSS attacks. This issue arises from insufficient validation of user-supplied input in specific HTTP requests directed to the affected device. Attackers can exploit this vulnerability by convincing users to interact with a malicious link, which could result in executing arbitrary script code in the context of the affected interface. Such an attack might lead to the exposure of sensitive information stored on the device.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Finesse,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-06-07T18:15:04.000Z,,false,false,,2024-06-05T17:15:00.000Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2023-20232,https://securityvulnerability.io/vulnerability/CVE-2023-20232,Web Cache Poisoning Risk in Cisco Unified Contact Center Express,"A flaw in the Tomcat implementation for Cisco Unified Contact Center Express allows unauthenticated, remote actors to initiate a web cache poisoning attack. This vulnerability arises from inadequate validation of HTTP requests, enabling attackers to exploit it by sending specially crafted requests to specific API endpoints on the Unified CCX Finesse Portal. A successful exploitation can redirect users through the internal WebProxy to malicious sites controlled by the attacker, potentially compromising sensitive information and disrupting service.",Cisco,Cisco Unified Contact Center Express,5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20096,https://securityvulnerability.io/vulnerability/CVE-2023-20096,Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface.",Cisco,Cisco Unified Contact Center Express,5.4,MEDIUM,0.0006500000017695129,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20058,https://securityvulnerability.io/vulnerability/CVE-2023-20058,Reflected Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center allows an unauthenticated remote attacker to execute a reflected cross-site scripting (XSS) attack. This issue arises due to improper validation of user-supplied input, enabling attackers to craft malicious links that, when clicked by a user, can lead to the execution of arbitrary script code within the affected interface. Such exploitation can potentially access sensitive browser-based information, posing significant risks to users.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Unified Intelligence Center,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2021-1395,https://securityvulnerability.io/vulnerability/CVE-2021-1395,Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Unified Contact Center Express,4.7,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:54.000Z,,false,false,,2021-06-16T00:00:00.000Z,0
CVE-2021-1358,https://securityvulnerability.io/vulnerability/CVE-2021-1358,Cisco Finesse Open Redirect Vulnerability,"A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.",Cisco,Cisco Unified Contact Center Express,4.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-03T17:15:52.000Z,,false,false,,2021-05-22T07:15:00.000Z,0
CVE-2021-1254,https://securityvulnerability.io/vulnerability/CVE-2021-1254,Cisco Finesse Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities by injecting malicious code into the web-based management interface and persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. An attacker needs valid administrator credentials to inject the malicious script code.",Cisco,Cisco Unified Contact Center Express,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-05-22T07:15:00.000Z,0
CVE-2021-1463,https://securityvulnerability.io/vulnerability/CVE-2021-1463,Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Unified Contact Center Express,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:57.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2019-1888,https://securityvulnerability.io/vulnerability/CVE-2019-1888,Cisco Unified Contact Center Express Privilege Escalation Vulnerability,"A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root.",Cisco,Cisco Unified Contact Center Express,7.2,HIGH,0.019600000232458115,false,,false,false,true,2024-08-04T19:16:16.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2020-3267,https://securityvulnerability.io/vulnerability/CVE-2020-3267,Cisco Unified Contact Center Express Improper API Authorization Vulnerability,"A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition.",Cisco,Cisco Unified Contact Center Express,5.4,MEDIUM,0.0010900000343099236,false,,false,false,true,2024-08-04T08:16:32.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2020-3280,https://securityvulnerability.io/vulnerability/CVE-2020-3280,Cisco Unified Contact Center Express Remote Code Execution Vulnerability,"A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.",Cisco,Cisco Unified Contact Center Express,9.8,CRITICAL,0.008700000122189522,false,,false,false,true,2024-08-04T08:16:33.000Z,,false,false,,2020-05-22T06:15:00.000Z,0
CVE-2019-15259,https://securityvulnerability.io/vulnerability/CVE-2019-15259,Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability,"A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits.",Cisco,Cisco Unified Contact Center Express,6.1,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-05T02:15:28.000Z,,false,false,,2019-10-02T00:00:00.000Z,0
CVE-2019-12633,https://securityvulnerability.io/vulnerability/CVE-2019-12633,Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability,"A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions.",Cisco,Cisco Unified Contact Center Express,5.3,MEDIUM,0.00139999995008111,false,,false,false,true,2024-09-16T20:17:51.000Z,,false,false,,2019-09-05T02:15:00.000Z,0
CVE-2019-12626,https://securityvulnerability.io/vulnerability/CVE-2019-12626,Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials.",Cisco,Cisco Unified Contact Center Express,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-09-16T20:17:51.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1670,https://securityvulnerability.io/vulnerability/CVE-2019-1670,Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.",Cisco,Cisco Unified Contact Center Express,6.1,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-04T19:16:03.000Z,,false,false,,2019-02-07T22:29:00.000Z,0
CVE-2018-0401,https://securityvulnerability.io/vulnerability/CVE-2018-0401,,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967.",Cisco,Cisco Unified Contact Center Express Unknown,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0400,https://securityvulnerability.io/vulnerability/CVE-2018-0400,,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.",Cisco,Cisco Unified Contact Center Express Unknown,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0402,https://securityvulnerability.io/vulnerability/CVE-2018-0402,,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.",Cisco,Cisco Unified Contact Center Express Unknown,8.8,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2018-0403,https://securityvulnerability.io/vulnerability/CVE-2018-0403,,"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.",Cisco,Cisco Unified Contact Center Express Unknown,9.8,CRITICAL,0.0020800000056624413,false,,false,false,false,,,false,false,,2018-07-18T23:29:00.000Z,0
CVE-2017-12288,https://securityvulnerability.io/vulnerability/CVE-2017-12288,,"A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf09173.",Cisco,Cisco Unified Contact Center Express,6.1,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2017-10-19T08:00:00.000Z,0
CVE-2017-6722,https://securityvulnerability.io/vulnerability/CVE-2017-6722,,"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).",Cisco,Cisco Unified Contact Center Express,6.1,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2017-07-04T00:00:00.000Z,0