Description
A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Published: 2025-06-04
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-16889 A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
History

Tue, 22 Jul 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*

Wed, 04 Jun 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Jun 2025 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Title Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Cisco Unified Intelligent Contact Management Enterprise
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-06-04T18:19:56.528Z

Reserved: 2024-10-10T19:15:13.245Z

Link: CVE-2025-20273

cve-icon Vulnrichment

Updated: 2025-06-04T18:13:06.926Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-04T17:15:27.050

Modified: 2025-07-22T15:16:05.243

Link: CVE-2025-20273

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T15:26:22Z

Weaknesses