Unified Contact Center Express
CVEs (56)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20358 | 0.00 | — | 0.01 | Nov 5, 2025 | A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to… | |||
| CVE-2025-20354 | 0.00 | — | 0.01 | Nov 5, 2025 | A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper… | |||
| CVE-2025-20288 | 0.00 | — | 0.00 | Jul 16, 2025 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation… | |||
| CVE-2025-20274 | 0.00 | — | 0.00 | Jul 16, 2025 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the… | |||
| CVE-2025-20278 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation… | |||
| CVE-2025-20279 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This… | |||
| CVE-2025-20277 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability… | |||
| CVE-2025-20276 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This… | |||
| CVE-2025-20275 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the… | |||
| CVE-2025-20129 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP… | |||
| CVE-2025-20113 | 0.00 | — | 0.00 | May 21, 2025 | A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied… | |||
| CVE-2025-20114 | 0.00 | — | 0.00 | May 21, 2025 | A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API… | |||
| CVE-2024-20405 | 0.00 | — | 0.01 | Jun 5, 2024 | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific… | |||
| CVE-2024-20253 | 0.00 | — | 0.02 | Jan 26, 2024 | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is… | |||
| CVE-2023-20232 | 0.00 | — | 0.00 | Aug 16, 2023 | A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP… | |||
| CVE-2023-20096 | 0.00 | — | 0.01 | Apr 5, 2023 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of… | |||
| CVE-2023-20058 | 0.00 | — | 0.00 | Jan 19, 2023 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based… | |||
| CVE-2021-1395 | 0.00 | — | 0.01 | Jun 16, 2021 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management… | |||
| CVE-2021-1358 | 0.00 | — | 0.01 | May 22, 2021 | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an… | |||
| CVE-2021-1254 | 0.00 | — | 0.01 | May 22, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied… |
- CVE-2025-20358Nov 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to…
- CVE-2025-20354Nov 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper…
- CVE-2025-20288Jul 16, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation…
- CVE-2025-20274Jul 16, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the…
- CVE-2025-20278Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation…
- CVE-2025-20279Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This…
- CVE-2025-20277Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability…
- CVE-2025-20276Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This…
- CVE-2025-20275Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the…
- CVE-2025-20129Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP…
- CVE-2025-20113May 21, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied…
- CVE-2025-20114May 21, 2025risk 0.00cvss —epss 0.00
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API…
- CVE-2024-20405Jun 5, 2024risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific…
- CVE-2024-20253Jan 26, 2024risk 0.00cvss —epss 0.02
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is…
- CVE-2023-20232Aug 16, 2023risk 0.00cvss —epss 0.00
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP…
- CVE-2023-20096Apr 5, 2023risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of…
- CVE-2023-20058Jan 19, 2023risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based…
- CVE-2021-1395Jun 16, 2021risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management…
- CVE-2021-1358May 22, 2021risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an…
- CVE-2021-1254May 22, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied…
Page 2 of 3