Skip to main content

Unified Contact Center Express

36 CVEs product

Monthly

CVE-2026-20117 MEDIUM This Month

Unauthenticated attackers can inject malicious scripts into Cisco Unified CCX's web management interface due to insufficient input validation, enabling XSS attacks against administrators and users. Successful exploitation allows arbitrary JavaScript execution within the browser context or theft of sensitive session information. No patch is currently available.

Cisco XSS Unified Contact Center Express
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20376 MEDIUM This Month

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Unified Contact Center Express
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20375 MEDIUM This Month

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Unified Contact Center Express
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20374 MEDIUM Monitor

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Contact Center Express
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-20358 CRITICAL This Week

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Contact Center Express
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2025-20354 CRITICAL This Week

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Authentication Bypass Java Unified Contact Center Express
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20279 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-20278 MEDIUM This Month

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Command Injection Cisco Socialminer Unified Communications Manager Im And Presence Service Finesse +5
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20275 MEDIUM This Month

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.

Deserialization Java RCE Cisco Unified Contact Center Express
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2025-20129 MEDIUM This Month

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Information Disclosure Cisco Unified Contact Center Express Socialminer
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20114 MEDIUM Monitor

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco Unified Intelligence Center Unified Contact Center Express
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20113 HIGH This Week

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Intelligence Center Unified Contact Center Express
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-20253 CRITICAL Act Now

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service +3
NVD
CVSS 3.1
10.0
EPSS
2.1%
CVE-2023-20232 MEDIUM PATCH This Month

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Cisco Information Disclosure Unified Contact Center Express
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-20096 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-20062 MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco Packaged Contact Center Enterprise Unified Contact Center Enterprise +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-20061 MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco Packaged Contact Center Enterprise Unified Contact Center Enterprise +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20058 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Packaged Contact Center Enterprise Unified Contact Center Enterprise Unified Contact Center Express +1
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-1395 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Intelligence Center Packaged Contact Center Enterprise Unified Contact Center Enterprise +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1463 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3267 HIGH This Week

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass Unified Contact Center Express
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-3280 CRITICAL Act Now

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization RCE Unified Contact Center Express
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2020-3177 HIGH This Week

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager Unified Contact Center Express
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-15259 MEDIUM This Month

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12633 HIGH This Week

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Unified Contact Center Express
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12626 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2018-0403 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0402 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-0401 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0400 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-12337 CRITICAL Act Now

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

Cisco Authentication Bypass Emergency Responder Finesse Hosted Collaboration Solution +8
NVD
CVSS 3.0
9.8
EPSS
13.2%
CVE-2017-6722 MEDIUM This Month

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Contact Center Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-6427 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-6425 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6426 HIGH This Week

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-1298 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauthenticated attackers can inject malicious scripts into Cisco Unified CCX's web management interface due to insufficient input validation, enabling XSS attacks against administrators and users. Successful exploitation allows arbitrary JavaScript execution within the browser context or theft of sensitive session information. No patch is currently available.

Cisco XSS Unified Contact Center Express
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Unified Contact Center Express
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Unified Contact Center Express
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Contact Center Express
NVD
EPSS 1% CVSS 9.4
CRITICAL This Week

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Contact Center Express
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Authentication Bypass +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

XSS Cisco Unified Contact Center Express
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Command Injection Cisco Socialminer +7
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.

Deserialization Java RCE +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Information Disclosure Cisco Unified Contact Center Express +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Intelligence Center +1
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Cisco +5
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Packaged Contact Center Enterprise +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Intelligence Center +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass +1
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Unified Contact Center Express
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Cisco +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express +1
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

Cisco Authentication Bypass Emergency Responder +10
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Contact Center Express
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Contact Center Express +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Contact Center Express +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy