What is CVE-2019-15278?

CVE-2019-15278 is a medium-severity vulnerability in Cisco Finesse, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2020-01-26.

How severe is CVE-2019-15278?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Cisco Finesse

CVE-2019-15278

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the sof…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (72.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Finesse — versions unspecified

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20200108 Cisco Finesse Cross-Site Scripting Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2019-15278?: CVE-2019-15278 is a medium-severity vulnerability in Cisco Finesse, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2020-01-26.
How severe is CVE-2019-15278?: Medium severity. CVSS v3 base score is 6.1 out of 10.