CVE-2016-1439: XSS
First published: Thu Jun 23 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IP Contact Center Enterprise | =4.6\(2\)-sr1 | |
| Cisco IP Contact Center Enterprise | =4.6\(2\)-sr2 | |
| Cisco IP Contact Center Enterprise | =4.6\(2\)-sr3 | |
| Cisco IP Contact Center Enterprise | =4.6\(2\)-sr4 | |
| Cisco IP Contact Center Enterprise | =4.6\(2\)-sr5 | |
| Cisco IP Contact Center Enterprise | =4.6\(2\)-sr6 | |
| Cisco IP Contact Center Enterprise | =4.6.2 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\) | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr10 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr11 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr12 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr13 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr2 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr3 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr4 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr5 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr7 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr8 | |
| Cisco IP Contact Center Enterprise | =5.0\(0\)-sr9 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr1 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr10 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr11 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr12 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr2 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr3 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr4 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr5 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr6 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr7 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr8 | |
| Cisco IP Contact Center Enterprise | =6.0\(0\)-sr9 | |
| Cisco IP Contact Center Enterprise | =7.0\(0\)-sr1 | |
| Cisco IP Contact Center Enterprise | =7.0\(0\)-sr2 | |
| Cisco IP Contact Center Enterprise | =7.0\(0\)-sr3 | |
| Cisco IP Contact Center Enterprise | =7.0\(0\)-sr4 | |
| Cisco IP Contact Center Enterprise | =7.1\(2\) | |
| Cisco IP Contact Center Enterprise | =7.1\(3\) | |
| Cisco IP Contact Center Enterprise | =7.1\(4\) | |
| Cisco IP Contact Center Enterprise | =7.1\(5\) | |
| Cisco IP Contact Center Enterprise | =7.1.0 | |
| Cisco IP Contact Center Enterprise | =7.2\(1\) | |
| Cisco IP Contact Center Enterprise | =7.2\(2\) | |
| Cisco IP Contact Center Enterprise | =7.2\(3\) | |
| Cisco IP Contact Center Enterprise | =7.2\(4\) | |
| Cisco IP Contact Center Enterprise | =7.2\(5\) | |
| Cisco IP Contact Center Enterprise | =7.2\(6\) | |
| Cisco IP Contact Center Enterprise | =7.2\(7\) | |
| Cisco IP Contact Center Enterprise | =7.5\(2\) | |
| Cisco IP Contact Center Enterprise | =7.5\(3\) | |
| Cisco IP Contact Center Enterprise | =7.5\(4\) | |
| Cisco IP Contact Center Enterprise | =7.5\(5\) | |
| Cisco IP Contact Center Enterprise | =7.5\(6\) | |
| Cisco IP Contact Center Enterprise | =7.5\(7\) | |
| Cisco IP Contact Center Enterprise | =7.5\(8\) | |
| Cisco IP Contact Center Enterprise | =7.5\(9\) | |
| Cisco IP Contact Center Enterprise | =7.5\(10\) | |
| Cisco IP Contact Center Enterprise | =8.0\(2\) | |
| Cisco IP Contact Center Enterprise | =8.0\(3\) | |
| Cisco IP Contact Center Enterprise | =8.5\(1\) | |
| Cisco IP Contact Center Enterprise | =8.5\(2\) | |
| Cisco IP Contact Center Enterprise | =8.5\(3\) | |
| Cisco IP Contact Center Enterprise | =8.5\(4\) | |
| Cisco IP Contact Center Enterprise | =9.0\(2\) | |
| Cisco IP Contact Center Enterprise | =9.0\(3\) | |
| Cisco IP Contact Center Enterprise | =9.0\(4\) | |
| Cisco IP Contact Center Enterprise | =10.0\(1\) | |
| Cisco IP Contact Center Enterprise | =10.0\(2\) | |
| Cisco IP Contact Center Enterprise | =10.5\(1\) | |
| Cisco IP Contact Center Enterprise | =10.5\(2\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1439?
CVE-2016-1439 is considered a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2016-1439?
To address CVE-2016-1439, Cisco recommends upgrading to a version of Unified Contact Center Enterprise that is patched against this vulnerability.
What types of attacks can CVE-2016-1439 facilitate?
CVE-2016-1439 can facilitate cross-site scripting (XSS) attacks, allowing attackers to inject malicious scripts into web pages viewed by users.
Which versions of Cisco Unified Contact Center Enterprise are affected by CVE-2016-1439?
CVE-2016-1439 affects various versions of Cisco Unified Contact Center Enterprise, specifically through 10.5(2).
Is user interaction necessary for exploiting CVE-2016-1439?
Yes, successful exploitation of CVE-2016-1439 requires user interaction, as the attacker needs to trick the user into clicking the crafted URL.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ip contact center enterprise
- version/cisco ip contact center enterprise/4.6\(2\)-sr1
- version/cisco ip contact center enterprise/4.6\(2\)-sr2
- version/cisco ip contact center enterprise/4.6\(2\)-sr3
- version/cisco ip contact center enterprise/4.6\(2\)-sr4
- version/cisco ip contact center enterprise/4.6\(2\)-sr5
- version/cisco ip contact center enterprise/4.6\(2\)-sr6
- version/cisco ip contact center enterprise/4.6.2
- version/cisco ip contact center enterprise/5.0\(0\)
- version/cisco ip contact center enterprise/5.0\(0\)-sr10
- version/cisco ip contact center enterprise/5.0\(0\)-sr11
- version/cisco ip contact center enterprise/5.0\(0\)-sr12
- version/cisco ip contact center enterprise/5.0\(0\)-sr13
- version/cisco ip contact center enterprise/5.0\(0\)-sr2
- version/cisco ip contact center enterprise/5.0\(0\)-sr3
- version/cisco ip contact center enterprise/5.0\(0\)-sr4
- version/cisco ip contact center enterprise/5.0\(0\)-sr5
- version/cisco ip contact center enterprise/5.0\(0\)-sr7
- version/cisco ip contact center enterprise/5.0\(0\)-sr8
- version/cisco ip contact center enterprise/5.0\(0\)-sr9
- version/cisco ip contact center enterprise/6.0\(0\)-sr1
- version/cisco ip contact center enterprise/6.0\(0\)-sr10
- version/cisco ip contact center enterprise/6.0\(0\)-sr11
- version/cisco ip contact center enterprise/6.0\(0\)-sr12
- version/cisco ip contact center enterprise/6.0\(0\)-sr2
- version/cisco ip contact center enterprise/6.0\(0\)-sr3
- version/cisco ip contact center enterprise/6.0\(0\)-sr4
- version/cisco ip contact center enterprise/6.0\(0\)-sr5
- version/cisco ip contact center enterprise/6.0\(0\)-sr6
- version/cisco ip contact center enterprise/6.0\(0\)-sr7
- version/cisco ip contact center enterprise/6.0\(0\)-sr8
- version/cisco ip contact center enterprise/6.0\(0\)-sr9
- version/cisco ip contact center enterprise/7.0\(0\)-sr1
- version/cisco ip contact center enterprise/7.0\(0\)-sr2
- version/cisco ip contact center enterprise/7.0\(0\)-sr3
- version/cisco ip contact center enterprise/7.0\(0\)-sr4
- version/cisco ip contact center enterprise/7.1\(2\)
- version/cisco ip contact center enterprise/7.1\(3\)
- version/cisco ip contact center enterprise/7.1\(4\)
- version/cisco ip contact center enterprise/7.1\(5\)
- version/cisco ip contact center enterprise/7.1.0
- version/cisco ip contact center enterprise/7.2\(1\)
- version/cisco ip contact center enterprise/7.2\(2\)
- version/cisco ip contact center enterprise/7.2\(3\)
- version/cisco ip contact center enterprise/7.2\(4\)
- version/cisco ip contact center enterprise/7.2\(5\)
- version/cisco ip contact center enterprise/7.2\(6\)
- version/cisco ip contact center enterprise/7.2\(7\)
- version/cisco ip contact center enterprise/7.5\(2\)
- version/cisco ip contact center enterprise/7.5\(3\)
- version/cisco ip contact center enterprise/7.5\(4\)
- version/cisco ip contact center enterprise/7.5\(5\)
- version/cisco ip contact center enterprise/7.5\(6\)
- version/cisco ip contact center enterprise/7.5\(7\)
- version/cisco ip contact center enterprise/7.5\(8\)
- version/cisco ip contact center enterprise/7.5\(9\)
- version/cisco ip contact center enterprise/7.5\(10\)
- version/cisco ip contact center enterprise/8.0\(2\)
- version/cisco ip contact center enterprise/8.0\(3\)
- version/cisco ip contact center enterprise/8.5\(1\)
- version/cisco ip contact center enterprise/8.5\(2\)
- version/cisco ip contact center enterprise/8.5\(3\)
- version/cisco ip contact center enterprise/8.5\(4\)
- version/cisco ip contact center enterprise/9.0\(2\)
- version/cisco ip contact center enterprise/9.0\(3\)
- version/cisco ip contact center enterprise/9.0\(4\)
- version/cisco ip contact center enterprise/10.0\(1\)
- version/cisco ip contact center enterprise/10.0\(2\)
- version/cisco ip contact center enterprise/10.5\(1\)
- version/cisco ip contact center enterprise/10.5\(2\)