CVE-2023-20096

MEDIUM 5.4

Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface.

CWE	CWE-79
Vendor	cisco
Product	cisco unified contact center express
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	Apr 5, 2023
Last Updated	Oct 25, 2024

Stay Ahead of the Next One

Get instant alerts for cisco cisco unified contact center express

Be the first to know when new medium vulnerabilities affecting cisco cisco unified contact center express are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Cisco / Cisco Unified Contact Center Express

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-xss-GO9L9xxr