CVE-2016-1439

medium
Published 2016-06-23 · Modified 2026-05-06
CVSS v3
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4
—
not yet in upstream
VIR risk
6.1

Description

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.

Predictions

Exploit likelihood
71%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or, if you've already worked around this in production, publish your fix to the community-verified tier.

Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor | Product | Versions | Fixed
cisco | ciscounified_contact_center_enterprise | 4.6(2) |
cisco | ciscounified_contact_center_enterprise | 4.6.2 |
cisco | ciscounified_contact_center_enterprise | 5.0(0) |
cisco | ciscounified_contact_center_enterprise | 6.0(0) |
cisco | ciscounified_contact_center_enterprise | 7.0(0) |
cisco | ciscounified_contact_center_enterprise | 7.1(2) |
cisco | ciscounified_contact_center_enterprise | 7.1(3) |
cisco | ciscounified_contact_center_enterprise | 7.1(4) |
cisco | ciscounified_contact_center_enterprise | 7.1(5) |
cisco | ciscounified_contact_center_enterprise | 7.1.0 |
cisco | ciscounified_contact_center_enterprise | 7.2(1) |
cisco | ciscounified_contact_center_enterprise | 7.2(2) |
cisco | ciscounified_contact_center_enterprise | 7.2(3) |
cisco | ciscounified_contact_center_enterprise | 7.2(4) |
cisco | ciscounified_contact_center_enterprise | 7.2(5) |
cisco | ciscounified_contact_center_enterprise | 7.2(6) |
cisco | ciscounified_contact_center_enterprise | 7.2(7) |
cisco | ciscounified_contact_center_enterprise | 7.5(2) |
cisco | ciscounified_contact_center_enterprise | 7.5(3) |
cisco | ciscounified_contact_center_enterprise | 7.5(4) |
cisco | ciscounified_contact_center_enterprise | 7.5(5) |
cisco | ciscounified_contact_center_enterprise | 7.5(6) |
cisco | ciscounified_contact_center_enterprise | 7.5(7) |
cisco | ciscounified_contact_center_enterprise | 7.5(8) |
cisco | ciscounified_contact_center_enterprise | 7.5(9) |
cisco | ciscounified_contact_center_enterprise | 7.5(10) |
cisco | ciscounified_contact_center_enterprise | 8.0(2) |
cisco | ciscounified_contact_center_enterprise | 8.0(3) |
cisco | ciscounified_contact_center_enterprise | 8.5(1) |
cisco | ciscounified_contact_center_enterprise | 8.5(2) |
cisco | ciscounified_contact_center_enterprise | 8.5(3) |
cisco | ciscounified_contact_center_enterprise | 8.5(4) |
cisco | ciscounified_contact_center_enterprise | 9.0(2) |
cisco | ciscounified_contact_center_enterprise | 9.0(3) |
cisco | ciscounified_contact_center_enterprise | 9.0(4) |
cisco | ciscounified_contact_center_enterprise | 10.0(1) |
cisco | ciscounified_contact_center_enterprise | 10.0(2) |
cisco | ciscounified_contact_center_enterprise | 10.5(1) |
cisco | ciscounified_contact_center_enterprise | 10.5(2) |

References

CWEs

CWE-79

Community-verified mitigations for this CVE will appear above when contributors publish them.