Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center Software
CVE-2017-12248

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Unified Intelligence Center
Vendor
CVE Published:
21 September 2017

Summary

A vulnerability exists in the web framework of Cisco Unified Intelligence Center Software, which may allow unauthenticated remote attackers to execute cross-site scripting (XSS) attacks. This vulnerability arises from inadequate input validation of parameters sent to the web server. An attacker can exploit this issue by enticing users to click on malicious links or by injecting harmful code into intercepted user requests. Successful exploitation could permit the execution of arbitrary script code within the context of the affected web application, potentially exposing sensitive browser-based information.

Affected Version(s)

Cisco Unified Intelligence Center Cisco Unified Intelligence Center

References

http://www.securityfocus.com/bid/100921
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039408
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.