CVE-2017-12288
https://notcve.org/view.php?id=CVE-2017-12288
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf09173. • http://www.securityfocus.com/bid/101514 http://www.securitytracker.com/id/1039620 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-6761
https://notcve.org/view.php?id=CVE-2017-6761
A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd96744. • http://www.securityfocus.com/bid/100110 http://www.securitytracker.com/id/1039059 https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd96744 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-6442
https://notcve.org/view.php?id=CVE-2016-6442
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). Una vulnerabilidad en Cisco Finesse Agent y Supervisor Desktop Software podría permitir a un atacante remoto no autenticado llevar a cabo un ataque CSRF contra el usuario de la interfaz webs. Más información: CSCvb57213. • http://www.securityfocus.com/bid/93519 http://www.securitytracker.com/id/1037004 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-1373
https://notcve.org/view.php?id=CVE-2016-1373
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. La API gadgets-integration en Cisco Finesse 8.5(1) hasta la versión 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 hasta la versión 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 hasta la versión 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2 y 11.0(1) permite a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una petición manipulada, también conocido como Bug ID CSCuw86623. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse http://www.securitytracker.com/id/1035756 •
CVE-2015-4310
https://notcve.org/view.php?id=CVE-2015-4310
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. Múltiples vulnerabilidades de XSS en Cisco Finesse 10.5(1), permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrarios a través de parámetros no especificados en una petición (1) GET o (2) POST, también conocido como Bug IDs CSCuq82322, CSCut95853 y CSCuq73975. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40436 http://www.securityfocus.com/bid/76407 http://www.securitytracker.com/id/1033331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •