CVE-2013-1114

Cisco Unity Express < 8.0 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1114.

AI-analyzed exploit summary The exploit demonstrates a reflective XSS vulnerability (CVE-2013-1114) in Cisco Unity Express via a crafted GET request and a persistent XSS via a POST request. It also includes a CSRF proof-of-concept (CVE-2013-1120) targeting configuration changes.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/24449

View Code ZIP pw:eip

The exploit demonstrates a reflective XSS vulnerability (CVE-2013-1114) in Cisco Unity Express via a crafted GET request and a persistent XSS via a POST request. It also includes a CSRF proof-of-concept (CVE-2013-1120) targeting configuration changes.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Cisco Unity Express

No auth needed

Prerequisites: Network access to the target Cisco Unity Express instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114

Scores

EPSS 0.1027

EPSS Percentile 95.1%

Details

CWE

CWE-79

Status published

Products (17)

cisco/unity_express_software 1.1.1

cisco/unity_express_software 1.1.2

cisco/unity_express_software 2.0

cisco/unity_express_software 2.1

cisco/unity_express_software 2.1.1

cisco/unity_express_software 2.1.2

cisco/unity_express_software 2.2

cisco/unity_express_software 2.2.2

cisco/unity_express_software 2.3

cisco/unity_express_software 3.0

... and 7 more

Published Feb 13, 2013

Tracked Since Feb 18, 2026