CVE-2019-12626 – Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12626
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ccx-xss • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0400
https://notcve.org/view.php?id=CVE-2018-0400
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar lleve a cabo ataques de Cross-Site Scripting (XSS) contra un usuario de la interfaz. Cisco Bug IDs: CSCvg70904. • http://www.securitytracker.com/id/1041352 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0401
https://notcve.org/view.php?id=CVE-2018-0401
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar lleve a cabo ataques de Cross-Site Scripting (XSS) contra un usuario de la interfaz. Cisco Bug IDs: CSCvg70967. • http://www.securitytracker.com/id/1041352 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0403
https://notcve.org/view.php?id=CVE-2018-0403
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar recupere una contraseña en texto claro. Cisco Bug IDs: CSCvg71040. • http://www.securitytracker.com/id/1041352 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-0402
https://notcve.org/view.php?id=CVE-2018-0402
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Unified Contact Center Express (Unified CCX) podrían permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Request Forgery (CSRF). Cisco Bug IDs: CSCvg70921. • http://www.securitytracker.com/id/1041352 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •