NotCVE - vendor:"Cisco" product:"Finesse" version:"10.6\(1\)

Page 2 of 13 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-6761

https://notcve.org/view.php?id=CVE-2017-6761

07 Aug 2017 — A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A succ... • http://www.securityfocus.com/bid/100110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.6EPSS: 0%CPEs: 31EXPL: 0

CVE-2016-1373

https://notcve.org/view.php?id=CVE-2016-1373

05 May 2016 — The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. La API gadgets-integration en Cisco Finesse 8.5(1) hasta la versión 8.5(5),... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-0714

https://notcve.org/view.php?id=CVE-2015-0714

02 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. Múltiples vulnerabilidades de XSS en Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), y 11.0(1) permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de parámetro no especificados, también conocido como Bug ID CSCut53595. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2