Cross-Site Scripting Vulnerability in Cisco Elastic Services Controller
CVE-2017-6776

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Elastic Services Controller
Vendor: CVE Published:; 17 August 2017

Summary

A cross-site scripting vulnerability exists in Cisco Elastic Services Controller due to inadequate input validation in its web framework. An unauthenticated remote attacker could exploit this flaw to perform attacks against users of the web interface. This could occur by enticing users to visit a malicious link or intercepting their requests to inject harmful code. Exploitation of this vulnerability may enable attackers to execute arbitrary scripts in the context of the affected site or gain access to sensitive information stored in the user's browser.

Affected Version(s)

Elastic Services Controller 2.2(9.76)

Elastic Services Controller 2.3(1)

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/100370

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 17, 2017
Vulnerability Reserved
Mar 9, 2017