Cross-Site Scripting Vulnerability in Cisco Finesse Management Interface
CVE-2017-6761

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Finesse
Vendor
CVE Published:
7 August 2017

Summary

A cross-site scripting vulnerability exists in the web-based management interface of Cisco Finesse versions 10.6(1) and 11.5(1). This weakness allows an unauthenticated remote attacker to perform XSS attacks by enticing a user to click a specially crafted link. The flaw stems from the insufficient validation of user-supplied input, potentially leading to unauthorized execution of script code within the context of the affected interface. This could expose sensitive browser-based information to the attacker, posing significant security risks.

Affected Version(s)

Cisco Finesse Cisco Finesse

References

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100110
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039059
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.