CVE-2016-1439

Published: Jun 23, 2016Modified: May 6, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.

Affected (69)

Products: Cisco: Unified Contact Center Enterprise

Cisco

1 product

Unified Contact Center Enterprise

Configuration A

69 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Contact Center Enterprise	Version 10.0(1)
Cisco Unified Contact Center Enterprise	Version 10.0(2)
Cisco Unified Contact Center Enterprise	Version 10.5(1)
Cisco Unified Contact Center Enterprise	Version 10.5(2)
Cisco Unified Contact Center Enterprise	Version 4.6.2
Cisco Unified Contact Center Enterprise	Version 4.6(2) sr1
Cisco Unified Contact Center Enterprise	Version 4.6(2) sr2
Cisco Unified Contact Center Enterprise	Version 4.6(2) sr3
Cisco Unified Contact Center Enterprise	Version 4.6(2) sr4
Cisco Unified Contact Center Enterprise	Version 4.6(2) sr5
Cisco Unified Contact Center Enterprise	Version 4.6(2) sr6
Cisco Unified Contact Center Enterprise	Version 5.0(0)
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr10
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr11
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr12
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr13
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr2
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr3
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr4
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr5
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr7
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr8
Cisco Unified Contact Center Enterprise	Version 5.0(0) sr9
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr10
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr11
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr12
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr1
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr2
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr3
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr4
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr5
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr6
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr7
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr8
Cisco Unified Contact Center Enterprise	Version 6.0(0) sr9
Cisco Unified Contact Center Enterprise	Version 7.0(0) sr1
Cisco Unified Contact Center Enterprise	Version 7.0(0) sr2
Cisco Unified Contact Center Enterprise	Version 7.0(0) sr3
Cisco Unified Contact Center Enterprise	Version 7.0(0) sr4
Cisco Unified Contact Center Enterprise	Version 7.1.0
Cisco Unified Contact Center Enterprise	Version 7.1(2)
Cisco Unified Contact Center Enterprise	Version 7.1(3)
Cisco Unified Contact Center Enterprise	Version 7.1(4)
Cisco Unified Contact Center Enterprise	Version 7.1(5)
Cisco Unified Contact Center Enterprise	Version 7.2(1)
Cisco Unified Contact Center Enterprise	Version 7.2(2)
Cisco Unified Contact Center Enterprise	Version 7.2(3)
Cisco Unified Contact Center Enterprise	Version 7.2(4)
Cisco Unified Contact Center Enterprise	Version 7.2(5)
Cisco Unified Contact Center Enterprise	Version 7.2(6)
Cisco Unified Contact Center Enterprise	Version 7.2(7)
Cisco Unified Contact Center Enterprise	Version 7.5(10)
Cisco Unified Contact Center Enterprise	Version 7.5(2)
Cisco Unified Contact Center Enterprise	Version 7.5(3)
Cisco Unified Contact Center Enterprise	Version 7.5(4)
Cisco Unified Contact Center Enterprise	Version 7.5(5)
Cisco Unified Contact Center Enterprise	Version 7.5(6)
Cisco Unified Contact Center Enterprise	Version 7.5(7)
Cisco Unified Contact Center Enterprise	Version 7.5(8)
Cisco Unified Contact Center Enterprise	Version 7.5(9)
Cisco Unified Contact Center Enterprise	Version 8.0(2)
Cisco Unified Contact Center Enterprise	Version 8.0(3)
Cisco Unified Contact Center Enterprise	Version 8.5(1)
Cisco Unified Contact Center Enterprise	Version 8.5(2)
Cisco Unified Contact Center Enterprise	Version 8.5(3)
Cisco Unified Contact Center Enterprise	Version 8.5(4)
Cisco Unified Contact Center Enterprise	Version 9.0(2)
Cisco Unified Contact Center Enterprise	Version 9.0(3)
Cisco Unified Contact Center Enterprise	Version 9.0(4)

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-ucce

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1036155

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-ucce

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1036155

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.