Abd El Rahman Ezzat

**Name of the Vulnerable Software and Affected Versions** Cisco Finesse (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input for specific HTTP requests sent to an affected device, allowing an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive information on the affected device. **Recommendations** As a temporary workaround, consider restricting access to the web-based management interface of Cisco Finesse to minimize the risk of exploitation. Avoid using the vulnerable interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Finesse (affected versions not specified) **Description** A flaw exists in the web-based management interface of Cisco Finesse that could allow a remote attacker who does not need to authenticate to perform a Server-Side Request Forgery (SSRF) attack. This issue is caused by inadequate validation of user-supplied input within specific HTTP requests sent to the system. An attacker can exploit this by sending a specially crafted HTTP request to the device. A successful exploit may allow the attacker to obtain limited sensitive information related to services associated with the affected device. SSRF is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.