{ "id": "CVE-2009-2048", "sourceIdentifier": "ykramarz@cisco.com", "published": "2009-07-16T15:30:00.767", "lastModified": "2017-08-17T01:30:38.333", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en el interfaz de administraci\u00f3n en Cisco Customer Response Solutions (CRS) anteriores a v7.0(1) SR2 en el servidor Cisco Unified Contact Center Express (tambi\u00e9n conocido como CCX) permite a los usuarios remotos autenticado inyectar arbitrariamente una secuencia de comandos web o HTML en la base de datos CCX a trav\u00e9s de vectores no especificados." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4C6F8BA2-EA5E-4E90-8390-2D29E8FAB4AC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E010B8C0-06BF-42C9-8AE6-8A0A6696EC9A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "98203DF7-2B21-4D7F-B32C-E9E6C24E1A9D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "629B1A0E-A13F-4209-B070-960392893299" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "13E6B9D0-5F88-4F48-A313-D478FB9919FC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F979F18-29A6-433C-91A4-0042EC275CF9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:crs:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F6008EC-FB15-43B3-8B09-3BFB28536EC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:customer_response_applications:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5DC9FD7-0716-456C-895F-74BC7866C520" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:ip_qm:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BC0CC96-C3DD-4564-8323-3EAB9ACBFF45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD62E8B9-9715-4217-864F-C54F1DEE835F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "32F36940-BF16-4C7C-A24C-D923AF333709" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "F2BE86CE-EF95-4841-B145-DFA4D0E0EF4B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "369C0FF7-BC46-400E-AC61-F97BAFDE14FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "6883E046-DA9D-4402-A22B-31140D6C8054" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5a\\):*:*:*:*:*:*:*", "matchCriteriaId": "ED3C91A3-E343-4FAC-85D7-649C7ECE6E64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "51E21F75-530E-4399-B8EC-1E933711D6E7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:4.5\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "6273D50B-8D2B-4F5A-B4F3-2CC86F5B730F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:5.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "AB3F5DF8-E9A7-4812-8677-BDCE4679ED9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "DBAF3470-5AF5-4B26-AA92-A92E908A52E4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ccx:7.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "A8CDC6A2-319F-4C83-8042-BEF6C9FD1C2B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA09955E-62F4-4098-8FFF-C61D33EB8AB6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:5.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "EBA8057F-7E31-4F9D-992E-621DCD7C4089" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1568EE5B-716D-439B-9017-8498C9353B4F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCFA9981-ED56-4D5B-AF82-1BCC551FE02A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "71082BE9-AF48-460A-9127-4D5D6DBA02F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDB400-1557-4A6D-A40F-00271A666A0E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E744A286-EA75-4E20-8503-12217FE0F03E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5083B-0782-4668-B88A-A6DB65A4AFCA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3782F66-76E2-4912-AA16-CB552A8C4ED5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A26B5F10-147A-4C32-BE98-F24407E4973F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1E4FAEE-BE07-45D8-A7F4-92668CA9BF8D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CA4024-4F80-466A-9383-9A68E2FAC995" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_ip_ivr:7.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "53C79246-3D29-4A8E-94DD-8771964B7E4F" } ] } ] } ], "references": [ { "url": "http://osvdb.org/55937", "source": "ykramarz@cisco.com" }, { "url": "http://secunia.com/advisories/35861", "source": "ykramarz@cisco.com" }, { "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml", "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/35705", "source": "ykramarz@cisco.com" }, { "url": "http://www.securitytracker.com/id?1022569", "source": "ykramarz@cisco.com" }, { "url": "http://www.vupen.com/english/advisories/2009/1913", "source": "ykramarz@cisco.com" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730", "source": "ykramarz@cisco.com" } ] }