XSS Vulnerability in Cisco Unified Contact Center Express Administration Interface
CVE-2009-2048

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Ccx; Unified Ip Ivr; Crs; Unified Ip Contact Center Express
Vendor: CVE Published:; 16 July 2009

Summary

The Administration interface of Cisco Unified Contact Center Express prior to version 7.0(1) SR2 is vulnerable to a cross-site scripting (XSS) attack. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML into the CCX database, potentially compromising the security of the system. Attackers can leverage this vulnerability through unspecified vectors, leading to unauthorized access and manipulation of sensitive data within the application interface.

References

http://www.securitytracker.com/id?1022569

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/51730

vdb-entryx_refsource_XF

http://secunia.com/advisories/35861

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 16, 2009
Vulnerability Reserved
Jun 12, 2009