CVE-2019-15278

MEDIUM

Cisco Finesse - Unauthenticated Cross-Site Scripting via URL Handling

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0090
EPSS Percentile 55.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (4)
cisco/finesse 11.6\(1\)
cisco/finesse 12.0\(1\)
cisco/finesse 12.5\(1\)
cisco/unified_contact_center_express 12.0\(1\)
Published Jan 26, 2020
Tracked Since Feb 18, 2026