Vulnerabilities > Cisco > Packaged Contact Center Enterprise > 11.6.1

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-20058 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2018-10-05 CVE-2018-0445 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Packaged Contact Center Enterprise 11.6(1)
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2018-10-05 CVE-2018-0444 Cross-site Scripting vulnerability in Cisco Packaged Contact Center Enterprise 11.6(1)
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface.
network
low complexity
cisco CWE-79
6.1