CVE-2025-20273 – Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability

June 4, 2025

CVE ID : CVE-2025-20273

Published : June 4, 2025, 5:15 p.m. | 2 hours, 21 minutes ago

Description : A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20278 – “Cisco Unified Communications Command Injection Vulnerability”

Next Article CVE-2025-20277 – Cisco Unified CCX Path Traversal Remote Code Execution

Highlights

CVE-2025-52970 – Fortinet FortiWeb Unauthenticated Privilege Escalation Vulnerability

August 12, 2025

CVE ID : CVE-2025-52970

Published : Aug. 12, 2025, 7:15 p.m. | 6 hours, 25 minutes ago

Description : A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-20273 – Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

New Android Malware ‘SikkahBot’ Targets Students in Bangladesh

CVE-2025-6149 – TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow

Velocity: AI user testing for prototypes

Bing Image Creator adds free GPT-4o image generation alongside DALL-E 3

CVE-2025-52970 – Fortinet FortiWeb Unauthenticated Privilege Escalation Vulnerability

Medical Card Generator Android App Project Using SQLite

Google’s New AI “Little Language Experiments” Teaches You to Talk Like a Local

How to use Lottie animations

CVE-2025-20273 – Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability

Related Posts