cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20325,https://securityvulnerability.io/vulnerability/CVE-2024-20325,Unauthenticated Attacker Could Read and Modify Data in Cisco Unified Intelligence Center Live Data Server,"A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device.
 This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.",Cisco,Cisco Unified Intelligence Center,5.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-27T22:15:08.000Z,,false,false,,2024-02-21T16:09:03.422Z,0
CVE-2023-20062,https://securityvulnerability.io/vulnerability/CVE-2023-20062,Cisco Unified Intelligence Center Vulnerabilities,"Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.",Cisco,Cisco Unified Intelligence Center,6.5,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2023-20061,https://securityvulnerability.io/vulnerability/CVE-2023-20061,Cisco Unified Intelligence Center Vulnerabilities,"Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.",Cisco,Cisco Unified Intelligence Center,6.5,MEDIUM,0.0008999999845400453,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2023-20058,https://securityvulnerability.io/vulnerability/CVE-2023-20058,Reflected Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center allows an unauthenticated remote attacker to execute a reflected cross-site scripting (XSS) attack. This issue arises due to improper validation of user-supplied input, enabling attackers to craft malicious links that, when clicked by a user, can lead to the execution of arbitrary script code within the affected interface. Such exploitation can potentially access sensitive browser-based information, posing significant risks to users.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unified Contact Center Express,Cisco Unified Intelligence Center,Cisco Packaged Contact Center Enterprise",6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2019-1860,https://securityvulnerability.io/vulnerability/CVE-2019-1860,Cisco Unified Intelligence Center Remote File Injection Vulnerability,"A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user&rsquo;s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user&rsquo;s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.",Cisco,Cisco Unified Intelligence Center,5.9,MEDIUM,0.0017000000225380063,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-05-16T02:29:00.000Z,0
CVE-2019-1658,https://securityvulnerability.io/vulnerability/CVE-2019-1658,Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.",Cisco,Cisco Unified Intelligence Center,4.7,MEDIUM,0.0007800000021234155,false,,false,false,true,2024-08-04T19:16:03.000Z,,false,false,,2019-01-24T16:29:00.000Z,0
CVE-2017-12253,https://securityvulnerability.io/vulnerability/CVE-2017-12253,,"A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.",Cisco,Cisco Unified Intelligence Center,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2017-09-21T05:00:00.000Z,0
CVE-2017-12254,https://securityvulnerability.io/vulnerability/CVE-2017-12254,,"A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.",Cisco,Cisco Unified Intelligence Center,6.1,MEDIUM,0.0027799999807029963,false,,false,false,false,,,false,false,,2017-09-21T05:00:00.000Z,0
CVE-2017-12248,https://securityvulnerability.io/vulnerability/CVE-2017-12248,,"A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.",Cisco,Cisco Unified Intelligence Center,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2017-09-21T05:00:00.000Z,0
CVE-2017-6789,https://securityvulnerability.io/vulnerability/CVE-2017-6789,,"A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325.",Cisco,Cisco Unified Intelligence Center,6.1,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2017-09-07T21:00:00.000Z,0
CVE-2016-6427,https://securityvulnerability.io/vulnerability/CVE-2016-6427,,"Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.",Cisco,"Unified Contact Center Express,Unified Intelligence Center",8.8,HIGH,0.0015699999639764428,false,,false,false,false,,,false,false,,2016-10-06T10:00:00.000Z,0
CVE-2016-6425,https://securityvulnerability.io/vulnerability/CVE-2016-6425,,"Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.",Cisco,"Unified Contact Center Express,Unified Intelligence Center",6.1,MEDIUM,0.001820000004954636,false,,false,false,false,,,false,false,,2016-10-06T10:00:00.000Z,0
CVE-2016-6426,https://securityvulnerability.io/vulnerability/CVE-2016-6426,,"The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.",Cisco,"Unified Contact Center Express,Unified Intelligence Center",7.5,HIGH,0.003019999945536256,false,,false,false,false,,,false,false,,2016-10-05T21:00:00.000Z,0
CVE-2015-4274,https://securityvulnerability.io/vulnerability/CVE-2015-4274,,"Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.",Cisco,Unified Intelligence Center,,,0.0009200000204145908,false,,false,false,false,,,false,false,,2015-07-16T19:00:00.000Z,0
CVE-2015-0740,https://securityvulnerability.io/vulnerability/CVE-2015-0740,,"Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.",Cisco,Unified Intelligence Center,,,0.0018400000408291817,false,,false,false,false,,,false,false,,2015-05-20T00:00:00.000Z,0
CVE-2007-5539,https://securityvulnerability.io/vulnerability/CVE-2007-5539,,"Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.",Cisco,"Unified Icm Hosted,Unified Intelligent Contact Management Enterprise,Unified Contact Center Enterprise,Unified Contact Center Hosted",,,0.006949999835342169,false,,false,false,false,,,false,false,,2007-10-18T00:00:00.000Z,0