N/A

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)

Cisco Webex Contact Center 安全漏洞

Cisco Webex Contact Center是美国思科（Cisco）公司的一款云联络中心平台。 Cisco Webex Contact Center存在安全漏洞，该漏洞源于HTML和脚本内容处理不当，可能导致未经验证的远程攻击者执行跨站脚本攻击，窃取敏感信息。

N/A

N/A