Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center
CVE-2017-6789

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Unified Intelligence Center
Vendor
CVE Published:
7 September 2017

Summary

A vulnerability exists in the Cisco Unified Intelligence Center web interface that allows an unauthenticated, remote attacker to launch a client-side cross-site scripting (XSS) attack. This vulnerability stems from the failure to validate user-supplied data in the Document Object Model (DOM) input. By exploiting this weakness, an attacker can manipulate the integrity of the system by sending specially crafted URLs with malicious DOM statements. Successful exploitation could undermine the system's integrity and enable database manipulation.

Affected Version(s)

Cisco Unified Intelligence Center Cisco Unified Intelligence Center

References

http://www.securitytracker.com/id/1039278
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/100646
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.