CVE-2009-2048

Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Express (CCX) server versions prior to 7.0(1) SR2

Description A cross-site scripting (XSS) issue exists in the Administration interface of Cisco Customer Response Solutions (CRS) in Cisco Unified Contact Center Express (CCX) server. This allows remote authenticated users to inject arbitrary web script or HTML into the CCX database.

Recommendations For versions prior to 7.0(1) SR2, update to version 7.0(1) SR2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Administration interface to minimize the risk of exploitation.