CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0401
https://notcve.org/view.php?id=CVE-2018-0401
18 Jul 2018 — Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar lleve a cabo ataques de Cross-Site Scripting (XSS) contra un usuario de la ... • http://www.securitytracker.com/id/1041352 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0402
https://notcve.org/view.php?id=CVE-2018-0402
18 Jul 2018 — Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Request Forgery (CSRF). Cisco Bug IDs: CSCvg70921. • http://www.securitytracker.com/id/1041352 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0403
https://notcve.org/view.php?id=CVE-2018-0403
18 Jul 2018 — Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar recupere una contraseña en texto claro. Cisco Bug IDs: CSCvg71040. • http://www.securitytracker.com/id/1041352 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
07 Jun 2018 — Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6722
https://notcve.org/view.php?id=CVE-2017-6722
04 Jul 2017 — A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61). Una vulnerabilidad en el servicio Extensible Messaging and Presence Protocol (XMPP) de Unified Contact Center Express (UCCx) de Cisco, podría permiti... • http://www.securityfocus.com/bid/99201 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6425
https://notcve.org/view.php?id=CVE-2016-6425
06 Oct 2016 — Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. Vulnerabilidad de XSS en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite a atacantes remotos inye... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6427
https://notcve.org/view.php?id=CVE-2016-6427
06 Oct 2016 — Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. Vulnerabilidad de CSRF en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se usa en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite a atacantes remotos secuestra... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6426
https://notcve.org/view.php?id=CVE-2016-6426
05 Oct 2016 — The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. La función j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1298
https://notcve.org/view.php?id=CVE-2016-1298
26 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. Múltiples vulnerabilidades de XSS en Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1) y 11.0(1) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con enlaces permanentes, también ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2583
https://notcve.org/view.php?id=CVE-2011-2583
02 May 2012 — Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. Cisco Unified Contact Center Express (también conocido como CCX) v8.0 y v8.5, permite a atacantes remotos causar una denegación de servicio a través de tráfico de la red, como lo demuestra un caso de prueba SEC-BE-STABLE, también conocido como Bug ID CSCth33834. • http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/release/guide/uccx851rn.pdf • CWE-20: Improper Input Validation •