CVE-2023-20096
Summary
| CVE | CVE-2023-20096 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-04-05 19:15:00 UTC |
|---|
| Updated | 2023-11-07 04:06:00 UTC |
|---|
| Description | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability |
CISCO |
sec.cloudapps.cisco.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317321 Cisco Unified Contact Center Express Stored Cross-Site Scripting (XSS) Vulnerability (cisco-sa-uccx-xss-GO9L9xxr)
