cisco-sa-cuic-xss-csHUdtrL: Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability
First published: Wed Jun 16 2021(Updated: )
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL
Credit: security researcher Tarkan Digital
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Intelligence Center | =12.5(1)<12.5(1) ES7>=11.6(1) and earlier<=12.0(1)<12.0(1) ES14 | 12.5(1) ES7 12.0(1) ES14 |
| Cisco Unified Contact Center Express | >=11.6(1) and earlier=12.0(1)<=12.5(1)<12.5(1) SU2 | 12.5(1) SU2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the Cisco Unified Intelligence Center Reflected Cross-Site Scripting vulnerability?
The vulnerability allows an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
What is the severity of the Cisco Unified Intelligence Center Reflected Cross-Site Scripting vulnerability?
The severity of this vulnerability is medium, with a CVSS score of 6.1.
Which software versions are affected by the Cisco Unified Intelligence Center Reflected Cross-Site Scripting vulnerability?
The affected software versions are 12.5(1) ES7, 12.0(1) ES14, 11.6(1) and earlier, and 12.0(1) to 12.0(1) ES14.
How can I fix the Cisco Unified Intelligence Center Reflected Cross-Site Scripting vulnerability?
To fix the vulnerability, upgrade to Cisco Unified Intelligence Center version 12.5(1) ES7, 12.5(1) SU2, or later.
What is the Common Weakness Enumeration (CWE) ID associated with the Cisco Unified Intelligence Center Reflected Cross-Site Scripting vulnerability?
The CWE ID associated with this vulnerability is CWE-79.
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco unified intelligence center
- version/cisco unified intelligence center/12.5(1)
- version/cisco unified intelligence center/11.6(1) and earlier
- version/cisco unified intelligence center/12.0(1)
- canonical/cisco unified contact center express
- version/cisco unified contact center express/11.6(1) and earlier
- version/cisco unified contact center express/12.0(1)
- version/cisco unified contact center express/12.5(1)