CVE-2022-20636

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 61.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Security ManagerCisco Cisco Security Manager
Timeline
PublishedJan 14
Latest updateJan 15

Description

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script cod

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hgm5-j6qc-fwmr: Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cr2022-01-15
CVEList
Cisco Security Manager Cross-Site Scripting Vulnerabilities2022-01-14

📋Vendor Advisories

1
Cisco
Cisco Security Manager Cross-Site Scripting Vulnerabilities2022-01-12
CVE-2022-20636 (MEDIUM CVSS 6.1) | Multiple vulnerabilities in the web | cvebase.io