Cross-Site Scripting Vulnerability in Cisco Unified Contact Center Enterprise
CVE-2016-1439

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Unified Contact Center Enterprise
Vendor: CVE Published:; 23 June 2016

Summary

A cross-site scripting vulnerability exists in the management interface of Cisco Unified Contact Center Enterprise, allowing remote attackers to inject arbitrary web scripts or HTML through specially crafted URLs. This flaw could potentially lead to unauthorized actions on behalf of users or the exposure of sensitive information.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1036155

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 23, 2016
Vulnerability Reserved
Jan 4, 2016