| Vulnerability Name: | CVE-2016-1298 (CCN-110049) | ||||||||||||
| Assigned: | 2016-01-25 | ||||||||||||
| Published: | 2016-01-25 | ||||||||||||
| Updated: | 2016-12-07 | ||||||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-1298 Source: CCN Type: Cisco Security Advisory cisco-sa-20160125-ucce Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20160125 Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1034828 Source: XF Type: UNKNOWN cisco-ucce-cve20161298-xss(110049) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||