CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6425
https://notcve.org/view.php?id=CVE-2016-6425
06 Oct 2016 — Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. Vulnerabilidad de XSS en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite a atacantes remotos inye... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6427
https://notcve.org/view.php?id=CVE-2016-6427
06 Oct 2016 — Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. Vulnerabilidad de CSRF en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se usa en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite a atacantes remotos secuestra... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6426
https://notcve.org/view.php?id=CVE-2016-6426
05 Oct 2016 — The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. La función j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1298
https://notcve.org/view.php?id=CVE-2016-1298
26 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. Múltiples vulnerabilidades de XSS en Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1) y 11.0(1) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con enlaces permanentes, también ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2583
https://notcve.org/view.php?id=CVE-2011-2583
02 May 2012 — Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. Cisco Unified Contact Center Express (también conocido como CCX) v8.0 y v8.5, permite a atacantes remotos causar una denegación de servicio a través de tráfico de la red, como lo demuestra un caso de prueba SEC-BE-STABLE, también conocido como Bug ID CSCth33834. • http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/release/guide/uccx851rn.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1570
https://notcve.org/view.php?id=CVE-2010-1570
10 Jun 2010 — The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message. El componente computer telephony integration (CTI) server en Cisco Unified Contact Center Express (UCCX) v7.0 anterior v7.0(1)SR4 y v7.0(2), v6.0 anterior v6.0(1)SR1, y v5.0 anteior v5.0(2)SR3 permite a atac... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1571
https://notcve.org/view.php?id=CVE-2010-1571
10 Jun 2010 — Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295. Vulnerabilidad de salto de directorio en el servicio bootstrap en Cisco Unified Contact Center Express (UCCX) v7.0 anterior v7.0(1)SR4 y 7.0(2), no especificadas versiones v6.0, y v5.0 anterior v5.0(2)SR3 permite a atacantes... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •