CVE-2021-1599

CWE-79Cross-site Scripting (XSS)CWE-787Out-of-bounds Write5 documents5 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 44.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Customer Voice PortalCisco Cisco Unified Customer Voice Portal (cvp)
Timeline
PublishedJul 22
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code i

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:LExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-76jc-v27q-5hhx: A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to pe2022-05-24
CVEList
Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability2021-07-22

📋Vendor Advisories

2
Red Hat
libsolv: Heap overflow2022-02-21
Cisco
Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability2021-07-21
CVE-2021-1599 (MEDIUM CVSS 5.4) | A vulnerability in the web-based ma | cvebase.io