CVE-2021-1395 — Cross-site Scripting in Cisco Unified Contact Center Express

CWE-79 — Cross-site Scripting CWE-1395 — Dependency on Vulnerable Third-Party Component5 documents5 sources

Severity

6.1MEDIUMNVD

CNA4.7

EPSS

0.4%

top 36.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Express Cisco Unified Intelligence Center Cisco Unified Contact Center Express

Timeline

PublishedJun 16

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/unified_intelligence_center12.0\(1\)+1

▶NVDcisco/unified_contact_center_express12.5\(1\)

▶CVEListV5cisco/cisco_unified_contact_center_expressn/a

🔴Vulnerability Details

GHSA

GHSA-4786-jhx6-3pjr: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct↗2022-05-24

▶

CVEList

Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability↗2021-06-16

▶

📋Vendor Advisories

Cisco

Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability↗2021-06-16

▶