cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20405,https://securityvulnerability.io/vulnerability/CVE-2024-20405,Stored XSS Vulnerability in Cisco Finesse Web Management Interface,"A vulnerability in the web-based management interface of Cisco Finesse allows unauthorized, remote attackers to perform stored XSS attacks. This issue arises from insufficient validation of user-supplied input in specific HTTP requests directed to the affected device. Attackers can exploit this vulnerability by convincing users to interact with a malicious link, which could result in executing arbitrary script code in the context of the affected interface. Such an attack might lead to the exposure of sensitive information stored on the device.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Finesse,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-06-07T18:15:04.000Z,,false,false,,2024-06-05T17:15:00.000Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2023-20088,https://securityvulnerability.io/vulnerability/CVE-2023-20088,Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability,"A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition.",Cisco,Cisco Unified Contact Center Enterprise,5.3,MEDIUM,0.0013699999544769526,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2023-20058,https://securityvulnerability.io/vulnerability/CVE-2023-20058,Reflected Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center allows an unauthenticated remote attacker to execute a reflected cross-site scripting (XSS) attack. This issue arises due to improper validation of user-supplied input, enabling attackers to craft malicious links that, when clicked by a user, can lead to the execution of arbitrary script code within the affected interface. Such exploitation can potentially access sensitive browser-based information, posing significant risks to users.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Unified Intelligence Center,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2020-3163,https://securityvulnerability.io/vulnerability/CVE-2020-3163,Cisco Unified Contact Center Enterprise Denial of Service Vulnerability,"A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.",Cisco,Cisco Unified Contact Center Enterprise,6.8,MEDIUM,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:27.000Z,,false,false,,2020-02-19T00:00:00.000Z,0
CVE-2017-6626,https://securityvulnerability.io/vulnerability/CVE-2017-6626,,"A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.",Cisco,Cisco Finesse For Cisco Unified Contact Center Enterprise,5.3,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2017-05-03T21:00:00.000Z,0
CVE-2016-1439,https://securityvulnerability.io/vulnerability/CVE-2016-1439,,"Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.",Cisco,Unified Contact Center Enterprise,6.1,MEDIUM,0.0012499999720603228,false,,false,false,false,,,false,false,,2016-06-23T00:00:00.000Z,0
CVE-2014-3323,https://securityvulnerability.io/vulnerability/CVE-2014-3323,,"Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.",Cisco,Unified Contact Center Enterprise,,,0.0012100000167265534,false,,false,false,false,,,false,false,,2014-07-18T01:00:00.000Z,0
CVE-2014-2180,https://securityvulnerability.io/vulnerability/CVE-2014-2180,,"The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.",Cisco,"Unified Contact Center Express Editor Software,Unified Contact Center Enterprise",,,0.0008299999753944576,false,,false,false,false,,,false,false,,2014-04-29T10:00:00.000Z,0
CVE-2007-5539,https://securityvulnerability.io/vulnerability/CVE-2007-5539,,"Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.",Cisco,"Unified Icm Hosted,Unified Intelligent Contact Management Enterprise,Unified Contact Center Enterprise,Unified Contact Center Hosted",,,0.006949999835342169,false,,false,false,false,,,false,false,,2007-10-18T00:00:00.000Z,0
CVE-2007-0198,https://securityvulnerability.io/vulnerability/CVE-2007-0198,,"The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.",Cisco,"Unified Contact Center Hosted,Ip Contact Center Enterprise,Ip Contact Center Hosted,Unified Contact Center Enterprise",,,0.027820000424981117,false,,false,false,false,,,false,false,,2007-01-11T11:00:00.000Z,0