cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1599,https://securityvulnerability.io/vulnerability/CVE-2021-1599,Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions.",Cisco,Cisco Unified Customer Voice Portal (cvp),5.4,MEDIUM,0.0006500000017695129,false,,false,false,true,2024-08-03T17:16:03.000Z,,false,false,,2021-07-22T16:15:00.000Z,0
CVE-2021-1245,https://securityvulnerability.io/vulnerability/CVE-2021-1245,Cisco Finesse OpenSocial Gadget Editor Cross-Site Scripting Vulnerability,"Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",Cisco,Cisco Unified Customer Voice Portal (cvp),6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-13T00:00:00.000Z,0
CVE-2021-1246,https://securityvulnerability.io/vulnerability/CVE-2021-1246,Cisco Finesse OpenSocial Gadget Editor Unauthenticated Access Vulnerability,"Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability

A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials.
The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to obtain potentially confidential information and create arbitrary XML files.
Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",Cisco,Cisco Unified Customer Voice Portal (cvp),6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:46.000Z,,false,false,,2021-01-13T00:00:00.000Z,0
CVE-2019-16017,https://securityvulnerability.io/vulnerability/CVE-2019-16017,Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability,"A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validation on specific pages of the OAMP application. An attacker could exploit this vulnerability by authenticating to Cisco Unified CVP and sending crafted HTTP requests. A successful exploit could allow an attacker with administrator or read-only privileges to learn information outside of their expected scope. An attacker with administrator privileges could modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition.",Cisco,Cisco Unified Customer Voice Portal (cvp),6.8,MEDIUM,0.0009500000160187483,false,,false,false,true,2024-08-05T02:15:48.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2018-0139,https://securityvulnerability.io/vulnerability/CVE-2018-0139,,"A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.",Cisco,Cisco Unified Customer Voice Portal,8.6,HIGH,0.003000000026077032,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0
CVE-2018-0086,https://securityvulnerability.io/vulnerability/CVE-2018-0086,,"A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.",Cisco,Cisco Unified Customer Voice Portal,8.6,HIGH,0.003000000026077032,false,,false,false,false,,,false,false,,2018-01-18T06:00:00.000Z,0
CVE-2017-12214,https://securityvulnerability.io/vulnerability/CVE-2017-12214,,"A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.",Cisco,Cisco Unified Customer Voice Portal,8.8,HIGH,0.00279999990016222,false,,false,false,false,,,false,false,,2017-09-21T05:00:00.000Z,0
CVE-2015-0735,https://securityvulnerability.io/vulnerability/CVE-2015-0735,,"Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.",Cisco,Unified Customer Voice Portal,,,0.001120000029914081,false,,false,false,false,,,false,false,,2015-05-17T01:00:00.000Z,0
CVE-2014-3325,https://securityvulnerability.io/vulnerability/CVE-2014-3325,,"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.",Cisco,Unified Customer Voice Portal,,,0.0010600000387057662,false,,false,false,false,,,false,false,,2014-07-19T19:00:00.000Z,0
CVE-2013-1221,https://securityvulnerability.io/vulnerability/CVE-2013-1221,,"The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.",Cisco,Unified Customer Voice Portal,,,0.0055599999614059925,false,,false,false,false,,,false,false,,2013-05-09T12:31:00.000Z,0
CVE-2013-1224,https://securityvulnerability.io/vulnerability/CVE-2013-1224,,"Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.",Cisco,Unified Customer Voice Portal,,,0.0030900000128895044,false,,false,false,false,,,false,false,,2013-05-09T12:31:00.000Z,0
CVE-2013-1223,https://securityvulnerability.io/vulnerability/CVE-2013-1223,,"The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.",Cisco,Unified Customer Voice Portal,,,0.0024800000246614218,false,,false,false,false,,,false,false,,2013-05-09T12:31:00.000Z,0
CVE-2013-1220,https://securityvulnerability.io/vulnerability/CVE-2013-1220,,"The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148.",Cisco,Unified Customer Voice Portal,,,0.001610000035725534,false,,false,false,false,,,false,false,,2013-05-09T12:31:00.000Z,0
CVE-2013-1225,https://securityvulnerability.io/vulnerability/CVE-2013-1225,,"Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.",Cisco,Unified Customer Voice Portal,,,0.0024800000246614218,false,,false,false,false,,,false,false,,2013-05-09T12:31:00.000Z,0
CVE-2013-1222,https://securityvulnerability.io/vulnerability/CVE-2013-1222,,"The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.",Cisco,Unified Customer Voice Portal,,,0.0015800000401213765,false,,false,false,false,,,false,false,,2013-05-09T12:31:00.000Z,0
CVE-2008-2053,https://securityvulnerability.io/vulnerability/CVE-2008-2053,,"Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.",Cisco,Unified Customer Voice Portal,,,0.00546000013127923,false,,false,false,false,,,false,false,,2008-05-22T10:00:00.000Z,0