CVE-2016-1401
published 2016-05-21
CVE-2016-1401: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers…
Priority P424 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.01% (58.7th percentile)
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_computing_system_central | — | — |
| cisco | unified_computing_system_central_software | — | — |
CVSS provenance
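| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | | 4.3 | MEDIUM | |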
GHSA
GHSA-3h2x-f5p6-82hc: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1
ghsa_unreviewed·2022-05-17
CVE-2016-1401 [MEDIUM] CWE-79 GHSA-3h2x-f5p6-82hc: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1
Cisco
Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
vendor_cisco·2016-05-17·CVSS 4.3
CVE-2016-1401 [MEDIUM] CWE-79 Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.
The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not availa
Cisco
vendor_cisco
CVE-2016-1401 Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user. Cisco has released software updates that address this vulnerability.
CWE: CWE-79
Bug IDs: CSCuy91250
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2016-05-21