Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-05	CVE-2024-20404	Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. network low complexity cisco CWE-918	5.3
2024-06-05	CVE-2024-20405	Cross-site Scripting vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. network low complexity cisco CWE-79	6.1
2021-05-22	CVE-2021-1254	Cross-site Scripting vulnerability in Cisco Finesse Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. network low complexity cisco CWE-79	4.8
2021-05-22	CVE-2021-1358	Open Redirect vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. network low complexity cisco CWE-601	6.1
2021-01-13	CVE-2021-1246	Cross-site Scripting vulnerability in Cisco Finesse Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials. The vulnerability is due to missing authentication for a specific section of the web-based management interface. network low complexity cisco CWE-79	6.1
2021-01-13	CVE-2021-1245	Cross-site Scripting vulnerability in Cisco Finesse Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. network low complexity cisco CWE-79	6.1
2020-02-19	CVE-2020-3159	Cross-site Scripting vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. network low complexity cisco CWE-79	6.1
2020-01-26	CVE-2019-15278	Cross-site Scripting vulnerability in Cisco Finesse and Unified Contact Center Express A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. network low complexity cisco CWE-79	6.1
2017-10-19	CVE-2017-12288	Cross-site Scripting vulnerability in Cisco Finesse 11.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. network low complexity cisco CWE-79	6.1
2017-08-07	CVE-2017-6761	Cross-site Scripting vulnerability in Cisco Finesse 10.6(1)/11.5(1) A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. network low complexity cisco CWE-79	6.1