CVE-2018-0186 — Cross-site Scripting in Cisco IOS XE

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 45.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedMar 28

Latest updateMay 13

Description

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or b…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDcisco/ios_xe< 16.3.6

🔴Vulnerability Details

GHSA

GHSA-x94g-f474-2f72: Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct↗2022-05-13

▶

CVEList

CVE-2018-0186: Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct↗2018-03-28

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities↗2018-03-28

▶