DOM-based Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center
CVE-2017-12254

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Unified Intelligence Center
Vendor
CVE Published:
21 September 2017

Summary

A vulnerability in the web interface of Cisco Unified Intelligence Center can be exploited by unauthenticated remote attackers to execute a DOM-based cross-site scripting attack. This vulnerability arises from inadequate input validation of certain parameters handled by the web server. Attackers could leverage this weakness by luring users to click on a compromised link or by intercepting requests to inject malicious scripts. Successful exploitation may enable attackers to execute arbitrary code within the browser context of the affected site or gain access to sensitive information stored in the user's browser.

Affected Version(s)

Cisco Unified Intelligence Center Cisco Unified Intelligence Center

References

http://www.securityfocus.com/bid/100922
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039410
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.