Unified Customer Voice Portal
CVE-2021-1599
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions.
AnalysisAI
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions. Affected products include: Cisco Unified Customer Voice Portal.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not prop
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality f
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticate
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files vi
The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attacker
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an un
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not prop
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attac
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today