11 matches found
EUVD-2025-137326
Malicious code in imodiov-kofi-cuic npm...
CISCO-SA-20190515-CUIC
creationtimestamp| type| source ---|---|--- 2024-12-17 09:00:35+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113667342696034701...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
Cross-site scripting XSS vulnerability in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. C Tenable...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability
Cross-site request forgery CSRF vulnerability in Cisco Unified Intelligence Center CUIC, as used in Unified Contact Center Express allows remote attackers to hijack the authentication of arbitrary users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid129819;...
CVE-2016-6427
The Cisco Unified Intelligence Center (CUIC) CSRF issue (CVE-2016-6427) is fixed in Cisco advisory cisco-sa-20161005-ucis3. Affected CUIC versions 8.5.4–9.1(1), as used with Unified Contact Center Express 10.0(1)–11.0(1), are vulnerable due to insufficient CSRF protections, potentially allowing a...
CVE-2016-6427
Cross-site request forgery CSRF vulnerability in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654...
CVE-2016-6425
Cisco CUIC is affected by a cross-site scripting (XSS) vulnerability in CUIC versions 8.5.4 through 9.1(1) when used with Unified CCX 10.0(1) through 11.0(1). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL, due to insufficient input validation. Cisco’s ...
CVE-2016-6426
The CVE-2016-6426 issue affects Cisco Unified Intelligence Center (CUIC) 8.5.4–9.1(1) as deployed in Unified Contact Center Express 10.0(1)–11.0(1). The vulnerability is in the j_spring_security_switch_user function, allowing remote, unauthenticated attackers to create new user accounts by visiti...
Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability
A vulnerability in the jspringsecurityswitchuser function of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...