CVE-2016-6425

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
ciscounified_contact_center_express
10.0\(1\)
ciscounified_contact_center_express
10.5\(1\)
ciscounified_contact_center_express
10.6\(1\)
ciscounified_contact_center_express
11.0\(1\)
ciscounified_intelligence_center
8.5.4
ciscounified_intelligence_center
9.0\(2\)
ciscounified_intelligence_center
9.1\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1
http://www.securityfocus.com/bid/93422
http://www.securitytracker.com/id/1036951
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1
http://www.securityfocus.com/bid/93422
http://www.securitytracker.com/id/1036951