CVE-2021-1246

🗓️ 13 Jan 2021 21:17:33Reported by ciscoType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 48 Views

Multiple vulnerabilities in Cisco Finesse web interface, allowing unauthenticated remote attackers to conduct XSS attacks and obtain confidential info.

Reporter	Title	Published	Views	Family All 12
Cisco	Multiple Cisco Products OpenSocial Gadget Editor Vulnerabilities	13 Jan 202116:00	–	cisco
CNNVD	Cisco Finesse 跨站脚本漏洞	13 Jan 202100:00	–	cnnvd
CNVD	Cisco Finesse Cross-Site Scripting Vulnerability (NVD-C-2021-11018)	14 Jan 202100:00	–	cnvd
Cvelist	CVE-2021-1246 Cisco Finesse OpenSocial Gadget Editor Unauthenticated Access Vulnerability	13 Jan 202121:17	–	cvelist
EUVD	EUVD-2021-6713	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Cisco products	14 Jan 202100:00	–	ncsc
NCSC	Vulnerabilities fixed in Cisco Finesse	10 Jun 202100:00	–	ncsc
NVD	CVE-2021-1246	13 Jan 202122:15	–	nvd
Prion	Cross site scripting	13 Jan 202122:15	–	prion
Positive Technologies	PT-2021-1640 · Cisco · Cisco Unified Cvp +2	13 Jan 202100:00	–	ptsecurity

NVD

Node

cisco finesseRange<12.0(1)

cisco finesseMatch12.0(1)-

cisco finesseMatch12.0(1)es1

cisco finesseMatch12.0(1)es2

cisco finesseMatch12.0(1)es3

cisco finesseMatch12.0(1)es4

cisco finesseMatch12.0(1)es5

cisco finesseMatch12.5(1)-

cisco finesseMatch12.5(1)es1

cisco finesseMatch12.5(1)es2

cisco finesseMatch12.5(1)es3

cisco finesseMatch12.5(1)es4

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Customer Voice Portal (CVP)",
    "versions": [
      {
        "version": "12.6(2)_ES4",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET5",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET7",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET8",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ES9",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ES10",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ES11",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET12",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET13",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ES14",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ES15",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET16",
        "status": "affected"
      },
      {
        "version": "12.6(2)_ET17",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2

21 Nov 2024 05:43Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.3

CVSS 3.16.1 - 6.5

EPSS0.00517

SSVC