CVE-2020-3349 — Cross-site Scripting in Cisco Data Center Network Manager

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 58.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedJul 16

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/data_center_network_manager< 11.4\(1\)

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

GHSA

GHSA-m2q5-mwp7-c7mq: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attack↗2022-05-24

▶

CVEList

Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities↗2020-07-16

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities↗2020-07-15

▶