XSS in Cisco Finesse

CVE-2015-0714

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (49.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Finesse — versions 10.0\(1\)_base, 10.5\(1\)_base, 10.6\(1\)_base
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20150501 Cisco Finesse Server Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032222 (vdb-entry, x_refsource_SECTRACK)