Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N
Vendors Products
Cisco
  • Unified Ccx
  • Ip Qm
  • Unified Ip Ivr
  • Crs
  • Customer Response Applications
  • Unified Ip Contact Center Express

Configuration 1 [-]

OR cpe:2.3:a:cisco:crs:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crs:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crs:4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crs:4.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crs:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crs:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crs:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:customer_response_applications:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ip_qm:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.0\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.0\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.0\(5a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:4.5\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:5.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:6.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ccx:7.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_contact_center_express:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_contact_center_express:5.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_contact_center_express:6.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_contact_center_express:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:4.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_ip_ivr:7.0\(1\):*:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/55937
http://secunia.com/advisories/35861
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml Patch Vendor Advisory
http://www.securityfocus.com/bid/35705
http://www.securitytracker.com/id?1022569
http://www.vupen.com/english/advisories/2009/1913
https://exchange.xforce.ibmcloud.com/vulnerabilities/51730
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2009-07-16T15:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-06-12T00:00:00

Link: CVE-2009-2048

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-07-16T15:30:00.767

Modified: 2017-08-17T01:30:38.333

Link: CVE-2009-2048

JSON object: View

cve-icon Redhat Information

No data.

CWE