Cross-Site Scripting Vulnerability in Cisco UCS Director
CVE-2018-0219

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Ucs Director
Vendor
CVE Published:
8 March 2018

Summary

A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director exposes users to cross-site scripting (XSS) attacks. This issue arises from inadequate validation of user-supplied input, allowing an unauthenticated remote attack to inject malicious scripts. By tricking users into clicking a specially crafted link, an attacker can execute arbitrary code within the user's browser context, potentially leading to unauthorized access to sensitive information. Protecting against this vulnerability is crucial for maintaining the security of Cisco UCS Director interfaces.

Affected Version(s)

Cisco UCS Director Cisco UCS Director

References

http://www.securityfocus.com/bid/103326
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040467
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.