Cisco Products Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interfaces of multiple Cisco products, including Cisco Finesse, Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, and Cisco Unified Intelligence Center. This vulnerability allows an unauthenticated, remote attacker to inject malicious scripts that could be executed in the context of the user's browser session, potentially giving the attacker access to sensitive information.

Impact

Exploitation of this vulnerability allows for cross-site scripting attacks, where an attacker can inject and execute malicious scripts in the context of the user's session.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed releases can be found on the Cisco Support and Downloads page. Customers should contact the Cisco Technical Assistance Center (TAC) for upgrade assistance if needed.

Added: Mar 11, 2026, 5:29 PM
Updated: Mar 11, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.9
exploitability: 6.6
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.