CVE-2018-0401

CWE-79 — Cross-site Scripting (XSS)CWE-19 CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 47.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Express Cisco Unified IP Interactive Voice Response

Timeline

PublishedJul 18

Latest updateMay 13

Description

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/unified_contact_center_express11.5\(1\)

▶CVEListV5cisco_unified_contact_center_express_unknownCisco Unified Contact Center Express unknown

▶NVDcisco/unified_ip_interactive_voice_response11.5\(1\)

🔴Vulnerability Details

GHSA

GHSA-2gx6-jx5p-qgh2: Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, r↗2022-05-13

▶

CVEList

CVE-2018-0401: Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, r↗2018-07-18

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Unified Contact Center Express↗2018-07-18

▶