Cisco Packaged and Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities
Cisco's June 22 advisory covers multiple cross-site scripting flaws in the web-based management interfaces of Packaged Contact Center Enterprise (Packaged CCE) and Unified Contact Center Enterprise (Unified CCE).
At a glance
- Cisco disclosed multiple XSS vulnerabilities in Packaged CCE and Unified CCE web management interfaces on June 22.
- An authenticated remote attacker could execute arbitrary script code by injecting malicious code into interface pages.
VERDICT — CONFIRMED
Cisco's June 22 advisory covers multiple cross-site scripting flaws in the web-based management interfaces of Packaged Contact Center Enterprise (Packaged CCE) and Unified Contact Center Enterprise (Unified CCE). Per Cisco, the interfaces do not properly validate user-supplied input, letting an authenticated remote attacker inject malicious code into specific pages and execute arbitrary script in the context of the affected interface.
Key facts on file
- Cisco disclosed multiple XSS vulnerabilities in Packaged CCE and Unified CCE web management interfaces on June 22.
- An authenticated remote attacker could execute arbitrary script code by injecting malicious code into interface pages.