Cisco Unified Customer Voice Portal (CVP) can be used as a standalone interactive voice response (IVR) system or integrated with a contact center.A cross-site scripting vulnerability exists in the Web management interface of Cisco Unified Customer Voice Portal 12.5(1) and prior versions, which could be exploited by an attacker to Exploit the vulnerability by tricking users into clicking on a malicious link to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or under certain conditions, cause the affected device to reboot.