CVE-2023-20058: XSS
First published: Thu Jan 19 2023(Updated: )
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Packaged Contact Center Enterprise | >=9.0\(1\)<12.5\(1\)_su2_es05 | |
| Cisco Packaged Contact Center Enterprise | >=12.5\(1\)_su2<12.5\(1\)_su2_es05 | |
| Cisco Unified Contact Center Enterprise | <12.5\(1\)_es02 | |
| Cisco Unified Contact Center Enterprise | >=12.5\(2\)<12.6\(1\)_es06 | |
| Cisco Unified Contact Center Enterprise | >=12.6\(1\)<12.6\(1\)_es06 | |
| Cisco Unified Contact Center Express | <12.5\(1\)_su2_es05 | |
| Cisco Unified Contact Center Express | >=12.5\(1\)_su2<12.5\(1\)_su2_es05 | |
| Cisco Unified Intelligence Center | <12.5\(1\)_es02 | |
| Cisco Unified Intelligence Center | >=12.6\(1\)<12.6\(1\)_es06 | |
| Cisco Unified Intelligence Center | >=12.6\(1\)_es2<12.6\(1\)_es06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Unified Intelligence Center vulnerability?
The vulnerability ID is CVE-2023-20058.
What is the severity rating of CVE-2023-20058?
The severity rating of CVE-2023-20058 is 6.1 (medium).
What is the affected software for CVE-2023-20058?
The affected software for CVE-2023-20058 is Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, and Cisco Unified Intelligence Center.
What is the CWE ID for CVE-2023-20058?
The CWE ID for CVE-2023-20058 is CWE-79.
How can I fix the vulnerability CVE-2023-20058?
To fix the vulnerability CVE-2023-20058, it is recommended to update to the latest version of the affected software or apply the necessary patches provided by Cisco.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco packaged contact center enterprise
- version/cisco packaged contact center enterprise/9.0\(1\)
- version/cisco packaged contact center enterprise/12.5\(1\)_su2
- canonical/cisco unified contact center enterprise
- version/cisco unified contact center enterprise/12.5\(2\)
- version/cisco unified contact center enterprise/12.6\(1\)
- canonical/cisco unified contact center express
- version/cisco unified contact center express/12.5\(1\)_su2
- canonical/cisco unified intelligence center
- version/cisco unified intelligence center/12.6\(1\)
- version/cisco unified intelligence center/12.6\(1\)_es2