Description
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
10.5(1)SU1
10.6(1)
11.6(1)
10.6(1)SU1
10.6(1)SU3
11.6(2)
12.0(1)
11.0(1)SU1
11.5(1)SU1
10.5(1)
12.5(1)
12.5(1)SU1
12.5(1)SU2
12.5(1)SU3
12.5(1)_SU03_ES01
12.5(1)_SU03_ES02
12.5(1)_SU02_ES03
12.5(1)_SU02_ES04
12.5(1)_SU02_ES02
12.5(1)_SU01_ES02
12.5(1)_SU01_ES03
12.5(1)_SU02_ES01
11.6(2)ES07
11.6(2)ES08
12.5(1)_SU01_ES01
12.0(1)ES04
12.5(1)ES02
12.5(1)ES03
11.6(2)ES06
12.5(1)ES01
12.0(1)ES03
12.0(1)ES01
11.6(2)ES05
12.0(1)ES02
11.6(2)ES04
11.6(2)ES03
11.6(2)ES02
11.6(2)ES01
10.6(1)SU3ES03
11.0(1)SU1ES03
10.6(1)SU3ES01
10.5(1)SU1ES10
11.5(1)SU1ES03
11.6(1)ES02
11.5(1)ES01
10.6(1)SU2
10.6(1)SU2ES04
11.6(1)ES01
10.6(1)SU3ES02
11.5(1)SU1ES02
11.5(1)SU1ES01
11.0(1)SU1ES02
12.5(1)_SU03_ES03
12.5(1)_SU03_ES04
12.5(1)_SU03_ES05
UCCX 15.0.1
12.5(1)_SU03_ES06
12.5(1)_SU03_ES07
15.0(1)
15.0(1)ES01
15.0(1)ES-MSOauth
1501_ES01_CSCws06843
References
sec.cloudapps.cisco.com/...Advisory/cisco-sa-cc-xss-MrNAH5Jh (cisco-sa-cc-xss-MrNAH5Jh)