Cross-Site Scripting Vulnerability in Cisco Prime Collaboration Assurance
CVE-2017-3845

6.1MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Prime Collaboration Assurance
Vendor
CVE Published:
22 February 2017

What is CVE-2017-3845?

A vulnerability exists in the web-based management interface of Cisco Prime Collaboration Assurance, enabling unauthenticated remote attackers to execute cross-site scripting (XSS) attacks. This allows attackers to inject malicious scripts into web pages viewed by users of the affected interface, potentially leading to the exposure of sensitive information or user session hijacking. The vulnerability affects specific versions of Cisco Prime Collaboration Assurance, specifically versions 11.0, 11.1, and 11.5, while earlier versions remain unaffected.

Affected Version(s)

Cisco Prime Collaboration Assurance Cisco Prime Collaboration Assurance

References

http://www.securityfocus.com/bid/96245
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037844
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.