Reflected Cross-Site Scripting Vulnerability in Cisco Prime Service Catalog
CVE-2018-0200

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Service Catalog
Vendor
CVE Published:
22 February 2018

Summary

A vulnerability exists in the web-based interface of Cisco Prime Service Catalog that could be exploited by an unauthenticated remote attacker. This exploit allows the attacker to conduct a reflected cross-site scripting (XSS) attack by enticing a user to click on a specially crafted link. When the link is clicked, the insufficient validation of user-supplied input could enable the execution of arbitrary script code in the context of the web interface. Such an attack may lead to unauthorized access to sensitive browser-based information, posing significant security risks to users.

Affected Version(s)

Cisco Prime Service Catalog Cisco Prime Service Catalog

References

http://www.securityfocus.com/bid/103128
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040408
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.