CVE-2009-2048

Published: Jul 16, 2009Modified: Apr 23, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.

Affected (33)

Products: Cisco: Crs, Customer Response Applications, Ip Qm, Unified Ccx, Unified Ip Contact Center Express, Unified Ip Ivr

Cisco

6 products

Crs

Customer Response Applications

Ip Qm

Unified Ccx

Unified Ip Contact Center Express

Unified Ip Ivr

Configuration A

33 vulnerable

Vulnerable Software	Affected Versions
Cisco Crs	Version 3.5
Cisco Crs	Version 4.0
Cisco Crs	Version 4.1
Cisco Crs	Version 4.5
Cisco Crs	Version 5.0
Cisco Crs	Version 6.0
Cisco Crs	Version 7.0
Cisco Customer Response Applications	Version 3.5
Cisco Ip Qm	Version 3.5
Cisco Unified Ccx	Version 3.5
Cisco Unified Ccx	Version 4.0(1)
Cisco Unified Ccx	Version 4.0(3)
Cisco Unified Ccx	Version 4.0(4)
Cisco Unified Ccx	Version 4.0(5)
Cisco Unified Ccx	Version 4.0(5a)
Cisco Unified Ccx	Version 4.5(1)
Cisco Unified Ccx	Version 4.5(2)
Cisco Unified Ccx	Version 5.0(1)
Cisco Unified Ccx	Version 6.0(1)
Cisco Unified Ccx	Version 7.0(1)
Cisco Unified Ip Contact Center Express	Version 3.0
Cisco Unified Ip Contact Center Express	Version 5.0(1)
Cisco Unified Ip Contact Center Express	Version 6.0(1)
Cisco Unified Ip Contact Center Express	Version 7.0
Cisco Unified Ip Ivr	Version 3.0
Cisco Unified Ip Ivr	Version 3.1
Cisco Unified Ip Ivr	Version 4.0
Cisco Unified Ip Ivr	Version 4.1
Cisco Unified Ip Ivr	Version 4.5
Cisco Unified Ip Ivr	Version 5.0
Cisco Unified Ip Ivr	Version 6.0
Cisco Unified Ip Ivr	Version 7.0
Cisco Unified Ip Ivr	Version 7.0(1)