CVE-2017-3866

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 47.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Service Catalog

Timeline

PublishedMar 17

Latest updateMay 17

Description

A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco_prime_service_catalogCisco Prime Service Catalog

▶NVDcisco/prime_service_catalog11.1.2, 11.1_base+1

🔴Vulnerability Details

GHSA

GHSA-h762-7998-wph4: A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scrip↗2022-05-17

▶

CVEList

CVE-2017-3866: A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scrip↗2017-03-17

▶

📋Vendor Advisories

Cisco

Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities↗2017-03-15

▶