CVE-2015-6387
Published 2015-12-05
CVE-2015-6387: Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web…
Priority P4 · 19 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.36% (68.3th percentile)
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_computing_system_central | — | — |
| cisco | unified_computing_system_central_software | — | — |
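CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | — | 5.0 | MEDIUM | — |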
Cisco
Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
vendor_cisco·2015-12-02·CVSS 5.0
CVE-2015-6387 [MEDIUM] CWE-79 Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.
The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability
Cisco
Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
vendor_cisco
CVE-2015-6387 Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
CWE: CWE-79
Bug IDs: CSCu
GHSA
GHSA-2gxf-82cx-67jf: Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1
ghsa_unreviewed·2022-05-17
CVE-2015-6387 [MEDIUM] CWE-79 GHSA-2gxf-82cx-67jf: Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.
Published: 2015-12-05