Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
CVE-2022-20765

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Ucs Director
Vendor: CVE Published:; 27 May 2022

Badges

👾 Exploit Exists

Summary

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.

Affected Version(s)

Cisco UCS Director

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
May 27, 2022
Vulnerability Reserved
Nov 2, 2021