CVE-2016-6425
Published on: 10/06/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:12 PM UTC
Certain versions of Unified Contact Center Express from Cisco contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
- CVE-2016-6425 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Cisco Unified Intelligence Center Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker | www.securitytracker.com text/html |
![]() |
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability | Vendor Advisory tools.cisco.com text/html |
![]() |
Cisco Unified Intelligence Center CVE-2016-6425 Cross Site Scripting Vulnerability | cve.report (archive) text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Unified Contact Center Express | 10.0\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 10.5\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 10.6\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 11.0\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 10.0\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 10.5\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 10.6\(1\) | All | All | All |
Application | Cisco | Unified Contact Center Express | 11.0\(1\) | All | All | All |
Application | Cisco | Unified Intelligence Center | 8.5.4 | All | All | All |
Application | Cisco | Unified Intelligence Center | 9.0\(2\) | All | All | All |
Application | Cisco | Unified Intelligence Center | 9.1\(1\) | All | All | All |
Application | Cisco | Unified Intelligence Center | 8.5.4 | All | All | All |
Application | Cisco | Unified Intelligence Center | 9.0\(2\) | All | All | All |
Application | Cisco | Unified Intelligence Center | 9.1\(1\) | All | All | All |
- cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_intelligence_center:9.0\(2\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_intelligence_center:9.1\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_intelligence_center:9.0\(2\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_intelligence_center:9.1\(1\):*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE