Vulnerabilities > Cisco > Unified Contact Center Express

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0401 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
network
low complexity
cisco CWE-79
6.1
6.1
2018-07-18 CVE-2018-0400 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
network
low complexity
cisco CWE-79
6.1
6.1
2018-06-07 CVE-2017-6779 Resource Exhaustion vulnerability in Cisco products
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
7.5
2017-11-16 CVE-2017-12337 Improper Authentication vulnerability in Cisco products
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device.
network
low complexity
cisco CWE-287
critical
 9.8
9.8
2017-07-04 CVE-2017-6722 Improper Authentication vulnerability in Cisco Unified Contact Center Express 11.5.1Es01/11.5.1Su1/11.5(1)
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability.
network
low complexity
cisco CWE-287
6.1
6.1
2016-10-06 CVE-2016-6427 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.
network
low complexity
cisco CWE-352
8.8
8.8
2016-10-06 CVE-2016-6425 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
network
low complexity
cisco CWE-79
6.1
6.1
2016-10-05 CVE-2016-6426 Improper Input Validation vulnerability in Cisco products
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.
network
low complexity
cisco CWE-20
7.5
7.5
2016-01-26 CVE-2016-1298 Cross-site Scripting vulnerability in Cisco Unified Contact Center Express
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
network
low complexity
cisco CWE-79
6.1
6.1