CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20096

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.2%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-20096

Cisco » Unified Contact Center Express » Version: N/A

cpe:2.3:a:cisco:unified_contact_center_express:-
Cisco » Unified Contact Center Express » Version: 10.0(1)

cpe:2.3:a:cisco:unified_contact_center_express:10.0(1)
Cisco » Unified Contact Center Express » Version: 10.5(1)

cpe:2.3:a:cisco:unified_contact_center_express:10.5(1)
Cisco » Unified Contact Center Express » Version: 10.6(1)

cpe:2.3:a:cisco:unified_contact_center_express:10.6(1)
Cisco » Unified Contact Center Express » Version: 11.0(1)

cpe:2.3:a:cisco:unified_contact_center_express:11.0(1)
Cisco » Unified Contact Center Express » Version: 11.5(1)

cpe:2.3:a:cisco:unified_contact_center_express:11.5(1)
Cisco » Unified Contact Center Express » Version: 11.5.1es01

cpe:2.3:a:cisco:unified_contact_center_express:11.5.1es01
Cisco » Unified Contact Center Express » Version: 11.5.1su1

cpe:2.3:a:cisco:unified_contact_center_express:11.5.1su1
Cisco » Unified Contact Center Express » Version: 11.6

cpe:2.3:a:cisco:unified_contact_center_express:11.6
Cisco » Unified Contact Center Express » Version: 11.6(1)

cpe:2.3:a:cisco:unified_contact_center_express:11.6(1)
Cisco » Unified Contact Center Express » Version: 11.6(2)

cpe:2.3:a:cisco:unified_contact_center_express:11.6(2)
Cisco » Unified Contact Center Express » Version: 11.6(2)es04

cpe:2.3:a:cisco:unified_contact_center_express:11.6(2)es04
Cisco » Unified Contact Center Express » Version: 12.0

cpe:2.3:a:cisco:unified_contact_center_express:12.0
Cisco » Unified Contact Center Express » Version: 12.0(1)

cpe:2.3:a:cisco:unified_contact_center_express:12.0(1)
Cisco » Unified Contact Center Express » Version: 12.0(1)es03

cpe:2.3:a:cisco:unified_contact_center_express:12.0(1)es03
Cisco » Unified Contact Center Express » Version: 12.5

cpe:2.3:a:cisco:unified_contact_center_express:12.5
Cisco » Unified Contact Center Express » Version: 12.5(1)

cpe:2.3:a:cisco:unified_contact_center_express:12.5(1)
Cisco » Unified Contact Center Express » Version: 12.5(1)_su2_es05

cpe:2.3:a:cisco:unified_contact_center_express:12.5(1)_su2_es05

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20096

Products

Pricing

Contact Us