CVE-2009-2048

{"id": "CVE-2009-2048", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-07-16T15:30:00.767", "references": [{"url": "http://osvdb.org/55937", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/35861", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/35705", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1022569", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1913", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en el interfaz de administraci\u00f3n en Cisco Customer Response Solutions (CRS) anteriores a v7.0(1) SR2 en el servidor Cisco Unified Contact Center Express (tambi\u00e9n conocido como CCX) permite a los usuarios remotos autenticado inyectar arbitrariamente una secuencia de comandos web o HTML en la base de datos CCX a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-17T01:30:38.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:crs:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6F8BA2-EA5E-4E90-8390-2D29E8FAB4AC"}, {"criteria": "cpe:2.3:a:cisco:crs:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E010B8C0-06BF-42C9-8AE6-8A0A6696EC9A"}, {"criteria": "cpe:2.3:a:cisco:crs:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98203DF7-2B21-4D7F-B32C-E9E6C24E1A9D"}, {"criteria": "cpe:2.3:a:cisco:crs:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "629B1A0E-A13F-4209-B070-960392893299"}, {"criteria": "cpe:2.3:a:cisco:crs:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13E6B9D0-5F88-4F48-A313-D478FB9919FC"}, {"criteria": "cpe:2.3:a:cisco:crs:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F979F18-29A6-433C-91A4-0042EC275CF9"}, {"criteria": "cpe:2.3:a:cisco:crs:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F6008EC-FB15-43B3-8B09-3BFB28536EC0"}, {"criteria": "cpe:2.3:a:cisco:customer_response_applications:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5DC9FD7-0716-456C-895F-74BC7866C520"}, {"criteria": "cpe:2.3:a:cisco:ip_qm:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BC0CC96-C3DD-4564-8323-3EAB9ACBFF45"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD62E8B9-9715-4217-864F-C54F1DEE835F"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F36940-BF16-4C7C-A24C-D923AF333709"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2BE86CE-EF95-4841-B145-DFA4D0E0EF4B"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369C0FF7-BC46-400E-AC61-F97BAFDE14FD"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6883E046-DA9D-4402-A22B-31140D6C8054"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED3C91A3-E343-4FAC-85D7-649C7ECE6E64"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E21F75-530E-4399-B8EC-1E933711D6E7"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.5\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6273D50B-8D2B-4F5A-B4F3-2CC86F5B730F"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:5.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB3F5DF8-E9A7-4812-8677-BDCE4679ED9E"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:6.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBAF3470-5AF5-4B26-AA92-A92E908A52E4"}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:7.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8CDC6A2-319F-4C83-8042-BEF6C9FD1C2B"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA09955E-62F4-4098-8FFF-C61D33EB8AB6"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:5.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA8057F-7E31-4F9D-992E-621DCD7C4089"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:6.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1568EE5B-716D-439B-9017-8498C9353B4F"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCFA9981-ED56-4D5B-AF82-1BCC551FE02A"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71082BE9-AF48-460A-9127-4D5D6DBA02F9"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDFDB400-1557-4A6D-A40F-00271A666A0E"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E744A286-EA75-4E20-8503-12217FE0F03E"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B5083B-0782-4668-B88A-A6DB65A4AFCA"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3782F66-76E2-4912-AA16-CB552A8C4ED5"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A26B5F10-147A-4C32-BE98-F24407E4973F"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E4FAEE-BE07-45D8-A7F4-92668CA9BF8D"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73CA4024-4F80-466A-9383-9A68E2FAC995"}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:7.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53C79246-3D29-4A8E-94DD-8771964B7E4F"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}