Cisco Finesse Server XSS Vulnerability (CVE-2015-0714)
Cisco Finesse Server XSS Vulnerability (CVE-2015-0714)
Release date:
Updated on:
Affected Systems:
Cisco Finesse Server 11.0 (1)
Cisco Finesse Server 10.6 (1)
Cisco Finesse Server 10.5 (1)
Cisco Finesse Server 10.0 (1)
Description:
CVE (CAN) ID: CVE-2015-0714
Cisco Finesse is the next-generation proxy and management monitoring desktop for Cisco Unified Contact Center Enterprise.
Multiple cross-site scripting vulnerabilities exist in Cisco Finesse Server 10.0 (1), 10.5 (1), 10.6 (1), and 11.0 (1). Remote attackers use some parameters, attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Cisco
*>
Suggestion:
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://tools.cisco.com/security/center/viewAlert.x? AlertId = 38607
This article permanently updates the link address: