Cisco Finesse Exposes Vulnerabilities Allowing Attackers to Execute Stored XSS Attacks

Cisco Finesse Exposes Vulnerabilities Allowing Attackers to Execute Stored XSS Attacks

Cisco has disclosed two vulnerabilities in its Finesse web-based management interface which could allow remote attackers to conduct a stored cross-site scripting attack. The vulnerabilities, identified as CVE-2024-20404 and CVE-2024-20405, involve a remote file inclusion vulnerability and a server-side request forgery attack. These vulnerabilities have a security impact rating of Medium, as they provide limited … Read more