Cross-Site Scripting Vulnerability in Cisco Prime Service Catalog
CVE-2017-3866

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Service Catalog
Vendor
CVE Published:
17 March 2017

Summary

A vulnerability exists in the web framework of Cisco Prime Service Catalog, enabling an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks through the affected system's web interface. This could potentially allow the attacker to execute malicious scripts in the context of the user's browser session, jeopardizing sensitive information and leading to further exploits.

Affected Version(s)

Cisco Prime Service Catalog Cisco Prime Service Catalog

References

http://www.securityfocus.com/bid/96917
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038045
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.