CVE-2021-1582 — Cross-site Scripting in Cisco Application Policy Infrastructure Controller

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 61.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Application Policy Infrastructure Controller Cisco Cloud Application Policy Infrastructure Controller Cisco Application Policy Infrastructure Controller

Timeline

PublishedAug 25

Latest updateMay 24

Description

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/cloud_application_policy_infrastructure_controller4.0 — 4.2\(7i\)+2

▶NVDcisco/application_policy_infrastructure_controller4.0 — 4.2\(7i\)+2

▶CVEListV5cisco/cisco_application_policy_infrastructure_controllern/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-h49f-v2qm-5q9g: A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote at↗2022-05-24

▶

CVEList

Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability↗2021-08-25

▶

📋Vendor Advisories

Cisco

Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability↗2021-08-25

▶