CVE-2022-20634

CWE-601 — Open Redirect CWE-204 CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 75.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Enterprise Chat AND Email Cisco Cisco Enterprise Chat AND Email

Timeline

PublishedNov 15

Description

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a speci…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/enterprise_chat_and_email< 12.6\(1\)es1

▶CVEListV5cisco/cisco_enterprise_chat_and_email30 versions+29

🔴Vulnerability Details

CVEList

Cisco Enterprise Chat and Email Open Redirect Vulnerability↗2024-11-15

▶

GHSA

GHSA-pqqw-6g5g-6pqj: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco Enterprise Chat and Email Vulnerabilities↗2022-01-12

▶