CVE-2009-2048

Cisco CRS <7.0(1) SR2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.

References (7)

[Patch, Vendor Advisory] http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51730

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35705

[Third Party Advisory, VDB Entry] http://osvdb.org/55937

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022569

[Third Party Advisory] http://secunia.com/advisories/35861

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1913

Scores

EPSS 0.0034

EPSS Percentile 56.0%

Classification

CWE

CWE-79

Status published

Affected Products (34)

cisco/crs

cisco/crs

cisco/crs

cisco/crs

cisco/crs

cisco/crs

cisco/crs

cisco/customer_response_applications

cisco/ip_qm

cisco/unified_ccx

cisco/unified_ccx

cisco/unified_ccx

cisco/unified_ccx

cisco/unified_ccx

cisco/unified_ccx

... and 19 more

Timeline

Published Jul 16, 2009

Tracked Since Feb 18, 2026