Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack.

Read more at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml