Unified Contact Center Express@11.0(1) Security Vulnerabilities and Issues — Unified Contact Center Express@11.0(1) CVE List

Lucene search

CiscoUnified Contact Center Express11.0(1)

4 matches found

CVE•added 2016/10/05 9:59 p.m.•44 views

CVE-2016-6426

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.

7.5CVSS7.5AI score0.00244EPSS

CVE•added 2016/10/06 10:59 a.m.•41 views

CVE-2016-6427

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

8.8CVSS8.9AI score0.00129EPSS

CVE•added 2016/01/26 5:59 a.m.•35 views

CVE-2016-1298

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.

6.1CVSS5.9AI score0.00229EPSS

CVE•added 2016/10/06 10:59 a.m.•34 views

CVE-2016-6425

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.

6.1CVSS6AI score0.00296EPSS