First published: Thu Oct 06 2016
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Contact Center Express Enhanced | =10.0(1) | |
Cisco Unified Contact Center Express Enhanced | =10.5(1) | |
Cisco Unified Contact Center Express Enhanced | =10.6(1) | |
Cisco Unified Contact Center Express Enhanced | =11.0(1) | |
Cisco Unified Intelligence Center | =8.5.4 | |
Cisco Unified Intelligence Center | =9.0(2) | |
Cisco Unified Intelligence Center | =9.1(1) | |
CVE-2016-6425 is classified as a high severity cross-site scripting vulnerability.
To fix CVE-2016-6425, upgrade to Cisco Unified Intelligence Center version 9.1(2) or later, or Unified Contact Center Express version 11.0(2) or later.
CVE-2016-6425 affects Cisco Unified Intelligence Center versions 8.5.4 through 9.1(1) and Unified Contact Center Express versions 10.0(1) through 11.0(1).
CVE-2016-6425 can be exploited remotely by attackers through crafted URLs.
Exploiting CVE-2016-6425 allows attackers to inject arbitrary web scripts or HTML into affected systems.