CVE-2021-1245

Summary

Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ES4affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET5affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET7affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET8affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ES9affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ES10affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ES11affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET12affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET13affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ES14affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ES15affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET16affected
CiscoCisco Unified Customer Voice Portal (CVP)12.6(2)_ET17affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References