CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1254

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities by injecting malicious code into the web-based management interface and persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. An attacker needs valid administrator credentials to inject the malicious script code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.8%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 4.3

References

Products affected by CVE-2021-1254

Cisco » Finesse » Version: N/A

cpe:2.3:a:cisco:finesse:-
Cisco » Finesse » Version: 10.0(1)_base

cpe:2.3:a:cisco:finesse:10.0(1)_base
Cisco » Finesse » Version: 10.0(1)_su1

cpe:2.3:a:cisco:finesse:10.0(1)_su1
Cisco » Finesse » Version: 10.0(1)_su1.1

cpe:2.3:a:cisco:finesse:10.0(1)_su1.1
Cisco » Finesse » Version: 10.5(1)_base

cpe:2.3:a:cisco:finesse:10.5(1)_base
Cisco » Finesse » Version: 10.5(1)_es1

cpe:2.3:a:cisco:finesse:10.5(1)_es1
Cisco » Finesse » Version: 10.5(1)_es2

cpe:2.3:a:cisco:finesse:10.5(1)_es2
Cisco » Finesse » Version: 10.5(1)_es3

cpe:2.3:a:cisco:finesse:10.5(1)_es3
Cisco » Finesse » Version: 10.5(1)_es4

cpe:2.3:a:cisco:finesse:10.5(1)_es4
Cisco » Finesse » Version: 10.5(1)_su1

cpe:2.3:a:cisco:finesse:10.5(1)_su1
Cisco » Finesse » Version: 10.5(1)_su1.1

cpe:2.3:a:cisco:finesse:10.5(1)_su1.1
Cisco » Finesse » Version: 10.5(1)_su1.7

cpe:2.3:a:cisco:finesse:10.5(1)_su1.7
Cisco » Finesse » Version: 10.6(1)_base

cpe:2.3:a:cisco:finesse:10.6(1)_base
Cisco » Finesse » Version: 10.6(1)_su1

cpe:2.3:a:cisco:finesse:10.6(1)_su1
Cisco » Finesse » Version: 10.6(1)_su2

cpe:2.3:a:cisco:finesse:10.6(1)_su2
Cisco » Finesse » Version: 11.0(1)

cpe:2.3:a:cisco:finesse:11.0(1)
Cisco » Finesse » Version: 11.0(1)_base

cpe:2.3:a:cisco:finesse:11.0(1)_base
Cisco » Finesse » Version: 11.5(1)

cpe:2.3:a:cisco:finesse:11.5(1)
Cisco » Finesse » Version: 11.5(3)

cpe:2.3:a:cisco:finesse:11.5(3)
Cisco » Finesse » Version: 11.6(1)

cpe:2.3:a:cisco:finesse:11.6(1)
Cisco » Finesse » Version: 12.0(1)

cpe:2.3:a:cisco:finesse:12.0(1)
Cisco » Finesse » Version: 12.5(1)

cpe:2.3:a:cisco:finesse:12.5(1)
Cisco » Finesse » Version: 8.5(1)_base

cpe:2.3:a:cisco:finesse:8.5(1)_base
Cisco » Finesse » Version: 8.5(2)_base

cpe:2.3:a:cisco:finesse:8.5(2)_base
Cisco » Finesse » Version: 8.5(3)_base

cpe:2.3:a:cisco:finesse:8.5(3)_base
Cisco » Finesse » Version: 8.5(4)_base

cpe:2.3:a:cisco:finesse:8.5(4)_base
Cisco » Finesse » Version: 8.5(5)_base

cpe:2.3:a:cisco:finesse:8.5(5)_base
Cisco » Finesse » Version: 8.6(1)_base

cpe:2.3:a:cisco:finesse:8.6(1)_base
Cisco » Finesse » Version: 9.0(1)_base

cpe:2.3:a:cisco:finesse:9.0(1)_base
Cisco » Finesse » Version: 9.0(2)_base

cpe:2.3:a:cisco:finesse:9.0(2)_base
Cisco » Finesse » Version: 9.1(1)_base

cpe:2.3:a:cisco:finesse:9.1(1)_base
Cisco » Finesse » Version: 9.1(1)_es1

cpe:2.3:a:cisco:finesse:9.1(1)_es1
Cisco » Finesse » Version: 9.1(1)_es2

cpe:2.3:a:cisco:finesse:9.1(1)_es2
Cisco » Finesse » Version: 9.1(1)_es3

cpe:2.3:a:cisco:finesse:9.1(1)_es3
Cisco » Finesse » Version: 9.1(1)_es4

cpe:2.3:a:cisco:finesse:9.1(1)_es4
Cisco » Finesse » Version: 9.1(1)_es5

cpe:2.3:a:cisco:finesse:9.1(1)_es5
Cisco » Finesse » Version: 9.1(1)_su1

cpe:2.3:a:cisco:finesse:9.1(1)_su1
Cisco » Finesse » Version: 9.1(1)_su1.1

cpe:2.3:a:cisco:finesse:9.1(1)_su1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1254

Products

Pricing

Contact Us