Vulnerability Name: | CVE-2016-6425 (CCN-117517) | ||||||||||||
Assigned: | 2016-10-05 | ||||||||||||
Published: | 2016-10-05 | ||||||||||||
Updated: | 2017-07-30 | ||||||||||||
Summary: | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. | ||||||||||||
CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-79 | ||||||||||||
Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-6425 Source: CISCO Type: Vendor Advisory 20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability Source: BID Type: UNKNOWN 93422 Source: SECTRACK Type: UNKNOWN 1036951 Source: XF Type: UNKNOWN cisco-ucic-cve20166425-xss(117517) Source: CCN Type: Cisco Security Advisory cisco-sa-20161005-ucis1 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |