Stored XSS Vulnerability in Cisco Finesse Web Management Interface
CVE-2024-20405
6.1 MEDIUM
What is CVE-2024-20405?
A vulnerability in the web-based management interface of Cisco Finesse allows unauthorized, remote attackers to perform stored XSS attacks. This issue arises from insufficient validation of user-supplied input in specific HTTP requests directed to the affected device. Attackers can exploit this vulnerability by convincing users to interact with a malicious link, which could result in executing arbitrary script code in the context of the affected interface. Such an attack might lead to the exposure of sensitive information stored on the device.
Affected Version(s)
Cisco Finesse 12.6(2)
Cisco Finesse 12.6(2)ES1
Cisco Finesse 12.6(2)ES2