CVE-2009-2048: XSS
First published: Thu Jul 16 2009(Updated: )
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Contact Center Express | =7.0\(1\) | |
| Cisco Unified IP Interactive Voice Response | =4.1 | |
| Cisco Carrier Routing System | =4.1 | |
| Cisco Unified Contact Center Express | =4.0\(1\) | |
| Cisco Unified Contact Center Express | =3.0 | |
| Cisco Carrier Routing System | =4.5 | |
| Cisco Unified IP Interactive Voice Response | =6.0 | |
| Cisco Unified Contact Center Express | =5.0\(1\) | |
| Cisco Unified Contact Center Express | =4.0\(4\) | |
| Cisco Unified IP Interactive Voice Response | =4.5 | |
| Cisco Carrier Routing System | =6.0 | |
| Cisco Unified IP Interactive Voice Response | =7.0\(1\) | |
| Cisco Unified Contact Center Express | =4.0\(5\) | |
| Cisco Carrier Routing System | =4.0 | |
| Cisco Unified Contact Center Express | =5.0\(1\) | |
| Cisco Customer Response Solution | =3.5 | |
| Cisco Unified Contact Center Express | =4.5\(1\) | |
| Cisco Unified Contact Center Express | =7.0 | |
| Cisco Unified Contact Center Express | =4.0\(3\) | |
| Cisco Unified Contact Center Express | =3.5 | |
| Cisco Carrier Routing System | =7.0 | |
| Cisco Unified Contact Center Express | =4.0\(5a\) | |
| Cisco Unified IP Interactive Voice Response | =3.0 | |
| Cisco IP QM | =3.5 | |
| Cisco Unified IP Interactive Voice Response | =3.1 | |
| Cisco Unified Contact Center Express | =6.0\(1\) | |
| Cisco Carrier Routing System | =5.0 | |
| Cisco Unified Contact Center Express | =4.5\(2\) | |
| Cisco Unified IP Interactive Voice Response | =5.0 | |
| Cisco Carrier Routing System | =3.5 | |
| Cisco Unified Contact Center Express | =6.0\(1\) | |
| Cisco Unified IP Interactive Voice Response | =7.0 | |
| Cisco Unified IP Interactive Voice Response | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/55937
- http://secunia.com/advisories/35861
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml
- http://www.securityfocus.com/bid/35705
- http://www.securitytracker.com/id?1022569
- http://www.vupen.com/english/advisories/2009/1913
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51730
Frequently Asked Questions
What is the severity of CVE-2009-2048?
CVE-2009-2048 is classified as a medium severity vulnerability due to its ability to allow remote authenticated users to inject arbitrary web script or HTML.
How do I fix CVE-2009-2048?
To fix CVE-2009-2048, upgrade to Cisco CRS version 7.0(1) SR2 or later, as this version addresses the vulnerability.
Who is affected by CVE-2009-2048?
CVE-2009-2048 affects users of specific versions of Cisco Customer Response Solutions and Cisco Unified Contact Center Express before 7.0(1) SR2.
What type of vulnerability is CVE-2009-2048?
CVE-2009-2048 is a cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML.
Can CVE-2009-2048 be exploited by unauthorized users?
No, CVE-2009-2048 requires remote authenticated users to exploit the vulnerability, meaning it cannot be exploited by unauthorized users.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco unified contact center express
- version/cisco unified contact center express/7.0\(1\)
- canonical/cisco unified ip interactive voice response
- version/cisco unified ip interactive voice response/4.1
- canonical/cisco carrier routing system
- version/cisco carrier routing system/4.1
- version/cisco unified contact center express/4.0\(1\)
- version/cisco unified contact center express/3.0
- version/cisco carrier routing system/4.5
- version/cisco unified ip interactive voice response/6.0
- version/cisco unified contact center express/5.0\(1\)
- version/cisco unified contact center express/4.0\(4\)
- version/cisco unified ip interactive voice response/4.5
- version/cisco carrier routing system/6.0
- version/cisco unified ip interactive voice response/7.0\(1\)
- version/cisco unified contact center express/4.0\(5\)
- version/cisco carrier routing system/4.0
- canonical/cisco customer response solution
- version/cisco customer response solution/3.5
- version/cisco unified contact center express/4.5\(1\)
- version/cisco unified contact center express/7.0
- version/cisco unified contact center express/4.0\(3\)
- version/cisco unified contact center express/3.5
- version/cisco carrier routing system/7.0
- version/cisco unified contact center express/4.0\(5a\)
- version/cisco unified ip interactive voice response/3.0
- canonical/cisco ip qm
- version/cisco ip qm/3.5
- version/cisco unified ip interactive voice response/3.1
- version/cisco unified contact center express/6.0\(1\)
- version/cisco carrier routing system/5.0
- version/cisco unified contact center express/4.5\(2\)
- version/cisco unified ip interactive voice response/5.0
- version/cisco carrier routing system/3.5
- version/cisco unified ip interactive voice response/7.0
- version/cisco unified ip interactive voice response/4.0