Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-16	CVE-2023-20232	Improper Input Validation vulnerability in Cisco Unified Contact Center Express A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. network low complexity cisco CWE-20	5.3
2023-04-05	CVE-2023-20096	Cross-site Scripting vulnerability in Cisco Unified Contact Center Express A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. network low complexity cisco CWE-79	5.4
2023-03-03	CVE-2023-20061	Exposure of Resource to Wrong Sphere vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. network low complexity cisco CWE-668	6.5
2023-03-03	CVE-2023-20062	Server-Side Request Forgery (SSRF) vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. network low complexity cisco CWE-918	4.3
2023-01-20	CVE-2023-20058	Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. network low complexity cisco CWE-79	6.1
2021-06-16	CVE-2021-1395	Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. network low complexity cisco CWE-79	6.1
2021-04-08	CVE-2021-1463	Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. network low complexity cisco CWE-79	6.1
2020-01-26	CVE-2019-15278	Cross-site Scripting vulnerability in Cisco Finesse and Unified Contact Center Express A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. network low complexity cisco CWE-79	6.1
2019-10-02	CVE-2019-15259	Injection vulnerability in Cisco Unified Contact Center Express A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. network low complexity cisco CWE-74	6.1
2019-08-21	CVE-2019-12626	Cross-site Scripting vulnerability in Cisco Unified Contact Center Express 12.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. network low complexity cisco CWE-79	4.8