Primary

Context

Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise, version 15.0(1) and earlier. This vulnerability allows an unauthenticated, remote attacker to inject arbitrary script code that could be executed in the context of the affected interface or used to access sensitive browser-based information. The issue arises from inadequate validation of user input, enabling attackers to craft links that, when clicked by a user, exploit the vulnerability.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing for the execution of malicious scripts in the user's browser session.

Remediation

Cisco plans to release software updates to address this vulnerability. For information about fixed software releases, consult the Details section of the associated Cisco Bug ID CSCwk14959.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

4.2

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

4.2

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Unified Intelligent Contact Management Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating