Reflected Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center
CVE-2023-20058

6.1MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Unified Contact Center Enterprise
Cisco Unified Contact Center Express
Cisco Unified Intelligence Center
Cisco Packaged Contact Center Enterprise
Vendor
CVE Published:
20 January 2023

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-20058?

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center allows an unauthenticated remote attacker to execute a reflected cross-site scripting (XSS) attack. This issue arises due to improper validation of user-supplied input, enabling attackers to craft malicious links that, when clicked by a user, can lead to the execution of arbitrary script code within the affected interface. Such exploitation can potentially access sensitive browser-based information, posing significant risks to users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Packaged Contact Center Enterprise 11.6(1)

Cisco Packaged Contact Center Enterprise 11.6(2)

Cisco Packaged Contact Center Enterprise 12.0(1)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.