A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss - Vendor Advisory |
Information
Published : 2020-01-26 05:15
Updated : 2024-11-21 04:28
NVD link : CVE-2019-15278
Mitre link : CVE-2019-15278
CVE.ORG link : CVE-2019-15278
JSON object : View
Products Affected
cisco
- finesse
- unified_contact_center_express
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')