CVE-2022-20640Cross-site Scripting in Cisco Security Manager

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 61.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Security ManagerCisco Security Manager
Timeline
PublishedJan 14
Latest updateJan 15

Description

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script cod

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-xfqm-ggrw-528f: Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cr2022-01-15
CVEList
Cisco Security Manager Cross-Site Scripting Vulnerabilities2022-01-14

📋Vendor Advisories

1
Cisco
Cisco Security Manager Cross-Site Scripting Vulnerabilities2022-01-12
CVE-2022-20640 — Cross-site Scripting in Cisco | cvebase