CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15259 – Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits. Una vulnerabilidad en el Software Cisco Unified Contact Center Express (UCCX), podría permitir a un atacante remoto no autenticado realizar un ataque de división de respuesta HTTP. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-uccx- • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12633 – Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-12633
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. Una vulnerabilidad en Cisco Unified Contact Center Express (Unified CCX) podría permitir a un atacante remoto no autenticado omitir los controles de acceso y conducir un ataque de tipo server-side request forgery (SSRF) en un sistema de destino. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-unified-ccx-ssrf • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12626 – Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12626
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ccx-xss • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0401
https://notcve.org/view.php?id=CVE-2018-0401
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar lleve a cabo ataques de Cross-Site Scripting (XSS) contra un usuario de la interfaz. Cisco Bug IDs: CSCvg70967. • http://www.securitytracker.com/id/1041352 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0403
https://notcve.org/view.php?id=CVE-2018-0403
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar recupere una contraseña en texto claro. Cisco Bug IDs: CSCvg71040. • http://www.securitytracker.com/id/1041352 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-918: Server-Side Request Forgery (SSRF) •