CVE-2017-12272Cross-site Scripting in Cisco IOS XE

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 53.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedOct 19
Latest updateMay 13

Description

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDcisco/ios_xe16.1.2, 16.2.0, 16.3\(1\)+2

🔴Vulnerability Details

2
GHSA
GHSA-85gm-vc8f-chp4: A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (2022-05-13
CVEList
CVE-2017-12272: A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (2017-10-19

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability2017-10-18
CVE-2017-12272 — Cross-site Scripting in Cisco IOS XE | cvebase