{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20279", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.246Z", "datePublished": "2025-06-04T16:18:20.643Z", "dateUpdated": "2025-06-04T18:19:30.697Z"}, "containers": {"cna": {"title": "Cisco Unifed Contact Center Express Stored Cross-Site Scripting Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL", "name": "cisco-sa-uccx-multi-UhOTvPGL"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-uccx-multi-UhOTvPGL", "discovery": "EXTERNAL", "defects": ["CSCwk24130"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "cwe", "cweId": "CWE-79"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Unified Contact Center Express", "versions": [{"version": "10.6(1)", "status": "affected"}, {"version": "10.5(1)SU1", "status": "affected"}, {"version": "10.6(1)SU3", "status": "affected"}, {"version": "12.0(1)", "status": "affected"}, {"version": "10.0(1)SU1", "status": "affected"}, {"version": "10.6(1)SU1", "status": "affected"}, {"version": "11.0(1)SU1", "status": "affected"}, {"version": "11.5(1)SU1", "status": "affected"}, {"version": "10.5(1)", "status": "affected"}, {"version": "11.6(1)", "status": "affected"}, {"version": "11.6(2)", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "12.5(1)SU1", "status": "affected"}, {"version": "12.5(1)SU2", "status": "affected"}, {"version": "12.5(1)SU3", "status": "affected"}, {"version": "12.5(1)_SU03_ES01", "status": "affected"}, {"version": "12.5(1)_SU03_ES02", "status": "affected"}, {"version": "12.5(1)_SU02_ES03", "status": "affected"}, {"version": "12.5(1)_SU02_ES04", "status": "affected"}, {"version": "12.5(1)_SU02_ES02", "status": "affected"}, {"version": "12.5(1)_SU01_ES02", "status": "affected"}, {"version": "12.5(1)_SU01_ES03", "status": "affected"}, {"version": "12.5(1)_SU02_ES01", "status": "affected"}, {"version": "11.6(2)ES07", "status": "affected"}, {"version": "11.6(2)ES08", "status": "affected"}, {"version": "12.5(1)_SU01_ES01", "status": "affected"}, {"version": "12.0(1)ES04", "status": "affected"}, {"version": "12.5(1)ES02", "status": "affected"}, {"version": "12.5(1)ES03", "status": "affected"}, {"version": "11.6(2)ES06", "status": "affected"}, {"version": "12.5(1)ES01", "status": "affected"}, {"version": "12.0(1)ES03", "status": "affected"}, {"version": "12.0(1)ES01", "status": "affected"}, {"version": "11.6(2)ES05", "status": "affected"}, {"version": "12.0(1)ES02", "status": "affected"}, {"version": "11.6(2)ES04", "status": "affected"}, {"version": "11.6(2)ES03", "status": "affected"}, {"version": "11.6(2)ES02", "status": "affected"}, {"version": "11.6(2)ES01", "status": "affected"}, {"version": "10.6(1)SU3ES03", "status": "affected"}, {"version": "11.0(1)SU1ES03", "status": "affected"}, {"version": "10.6(1)SU3ES01", "status": "affected"}, {"version": "10.5(1)SU1ES10", "status": "affected"}, {"version": "10.0(1)SU1ES04", "status": "affected"}, {"version": "11.5(1)SU1ES03", "status": "affected"}, {"version": "11.6(1)ES02", "status": "affected"}, {"version": "11.5(1)ES01", "status": "affected"}, {"version": "9.0(2)SU3ES04", "status": "affected"}, {"version": "10.6(1)SU2", "status": "affected"}, {"version": "10.6(1)SU2ES04", "status": "affected"}, {"version": "11.6(1)ES01", "status": "affected"}, {"version": "10.6(1)SU3ES02", "status": "affected"}, {"version": "11.5(1)SU1ES02", "status": "affected"}, {"version": "11.5(1)SU1ES01", "status": "affected"}, {"version": "8.5(1)", "status": "affected"}, {"version": "11.0(1)SU1ES02", "status": "affected"}, {"version": "12.5(1)_SU03_ES03", "status": "affected"}, {"version": "12.5(1)_SU03_ES04", "status": "affected"}, {"version": "12.5(1)_SU03_ES05", "status": "affected"}, {"version": "12.5(1)_SU03_ES06", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-04T16:18:20.643Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-04T18:12:43.136839Z", "id": "CVE-2025-20279", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:19:30.697Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-04T18:12:43.136839Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:12:44.543Z"}}], "cna": {"title": "Cisco Unifed Contact Center Express Stored Cross-Site Scripting Vulnerability", "source": {"defects": ["CSCwk24130"], "advisory": "cisco-sa-uccx-multi-UhOTvPGL", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Unified Contact Center Express", "versions": [{"status": "affected", "version": "10.6(1)"}, {"status": "affected", "version": "10.5(1)SU1"}, {"status": "affected", "version": "10.6(1)SU3"}, {"status": "affected", "version": "12.0(1)"}, {"status": "affected", "version": "10.0(1)SU1"}, {"status": "affected", "version": "10.6(1)SU1"}, {"status": "affected", "version": "11.0(1)SU1"}, {"status": "affected", "version": "11.5(1)SU1"}, {"status": "affected", "version": "10.5(1)"}, {"status": "affected", "version": "11.6(1)"}, {"status": "affected", "version": "11.6(2)"}, {"status": "affected", "version": "12.5(1)"}, {"status": "affected", "version": "12.5(1)SU1"}, {"status": "affected", "version": "12.5(1)SU2"}, {"status": "affected", "version": "12.5(1)SU3"}, {"status": "affected", "version": "12.5(1)_SU03_ES01"}, {"status": "affected", "version": "12.5(1)_SU03_ES02"}, {"status": "affected", "version": "12.5(1)_SU02_ES03"}, {"status": "affected", "version": "12.5(1)_SU02_ES04"}, {"status": "affected", "version": "12.5(1)_SU02_ES02"}, {"status": "affected", "version": "12.5(1)_SU01_ES02"}, {"status": "affected", "version": "12.5(1)_SU01_ES03"}, {"status": "affected", "version": "12.5(1)_SU02_ES01"}, {"status": "affected", "version": "11.6(2)ES07"}, {"status": "affected", "version": "11.6(2)ES08"}, {"status": "affected", "version": "12.5(1)_SU01_ES01"}, {"status": "affected", "version": "12.0(1)ES04"}, {"status": "affected", "version": "12.5(1)ES02"}, {"status": "affected", "version": "12.5(1)ES03"}, {"status": "affected", "version": "11.6(2)ES06"}, {"status": "affected", "version": "12.5(1)ES01"}, {"status": "affected", "version": "12.0(1)ES03"}, {"status": "affected", "version": "12.0(1)ES01"}, {"status": "affected", "version": "11.6(2)ES05"}, {"status": "affected", "version": "12.0(1)ES02"}, {"status": "affected", "version": "11.6(2)ES04"}, {"status": "affected", "version": "11.6(2)ES03"}, {"status": "affected", "version": "11.6(2)ES02"}, {"status": "affected", "version": "11.6(2)ES01"}, {"status": "affected", "version": "10.6(1)SU3ES03"}, {"status": "affected", "version": "11.0(1)SU1ES03"}, {"status": "affected", "version": "10.6(1)SU3ES01"}, {"status": "affected", "version": "10.5(1)SU1ES10"}, {"status": "affected", "version": "10.0(1)SU1ES04"}, {"status": "affected", "version": "11.5(1)SU1ES03"}, {"status": "affected", "version": "11.6(1)ES02"}, {"status": "affected", "version": "11.5(1)ES01"}, {"status": "affected", "version": "9.0(2)SU3ES04"}, {"status": "affected", "version": "10.6(1)SU2"}, {"status": "affected", "version": "10.6(1)SU2ES04"}, {"status": "affected", "version": "11.6(1)ES01"}, {"status": "affected", "version": "10.6(1)SU3ES02"}, {"status": "affected", "version": "11.5(1)SU1ES02"}, {"status": "affected", "version": "11.5(1)SU1ES01"}, {"status": "affected", "version": "8.5(1)"}, {"status": "affected", "version": "11.0(1)SU1ES02"}, {"status": "affected", "version": "12.5(1)_SU03_ES03"}, {"status": "affected", "version": "12.5(1)_SU03_ES04"}, {"status": "affected", "version": "12.5(1)_SU03_ES05"}, {"status": "affected", "version": "12.5(1)_SU03_ES06"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL", "name": "cisco-sa-uccx-multi-UhOTvPGL"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-04T16:18:20.643Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20279", "state": "PUBLISHED", "dateUpdated": "2025-06-04T18:19:30.697Z", "dateReserved": "2024-10-10T19:15:13.246Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-06-04T16:18:20.643Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*", "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*", "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*", "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*", "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*", "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*", "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*", "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*", "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*", "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*", "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*", "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*", "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*", "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*", "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*", "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*", "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*", "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*", "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*", "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*", "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*", "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*", "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*", "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*", "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*", "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*", "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*", "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*", "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*", "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Unified CCX podr\u00eda permitir que un atacante remoto autenticado realice un ataque XSS almacenado en un sistema afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a una depuraci\u00f3n inadecuada de la entrada del usuario en la interfaz de administraci\u00f3n web. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un script malicioso a trav\u00e9s de la interfaz. Una explotaci\u00f3n exitosa podr\u00eda permitirle realizar un ataque XSS almacenado en el sistema afectado."}], "id": "CVE-2025-20279", "lastModified": "2025-07-22T13:41:39.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2025-06-04T17:15:28.213", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}