Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15253Cross-site Scripting in Cisco Catalyst Center

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.6%
top 29.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Cisco Catalyst CenterCisco Digital Network Architecture Center
Timeline
PublishedFeb 5
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafte

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDcisco/catalyst_center1.3.1.01.3.1.4+1

🔴Vulnerability Details

2
GHSA
GHSA-f87r-2g9r-6576: A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker2022-05-24
CVEList
Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability2020-02-05

💥Exploits & PoCs

1
Exploit-DB
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting2020-05-12

📋Vendor Advisories

1
Cisco
Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability2020-02-05
CVE-2019-15253 — Cross-site Scripting in Cisco | cvebase