CVE-2020-3464Cross-site Scripting in Cisco UCS Director

CWE-79Cross-site Scripting7 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 61.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco UCS DirectorCisco UCS Director
Timeline
PublishedAug 17
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDcisco/ucs_director< 6.7.4.1

🔴Vulnerability Details

2
GHSA
GHSA-ffm7-6333-j3m5: A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credenti2022-05-24
CVEList
Cisco UCS Director Stored Cross-Site Scripting Vulnerability2020-08-17

📋Vendor Advisories

1
Cisco
Cisco UCS Director Stored Cross-Site Scripting Vulnerability2020-08-05

💬Community

1
Bugzilla
CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC72302020-01-22
CVE-2020-3464 — Cross-site Scripting in Cisco | cvebase