CVE-2019-1668Cross-site Scripting in Cisco Socialminer

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 48.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco SocialminerCisco Socialminer
Timeline
PublishedJan 24
Latest updateMay 13

Description

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDcisco/socialminer11.6\(1\), 11.6\(2\), 12.0\(1\)+2

🔴Vulnerability Details

2
GHSA
GHSA-8x4w-mfgj-fgpr: A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) at2022-05-13
CVEList
Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability2019-01-24

📋Vendor Advisories

1
Cisco
Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities2019-01-23
CVE-2019-1668 — Cross-site Scripting in Cisco | cvebase