Cross-Site Scripting Flaw in Cisco Umbrella Management Dashboard
CVE-2022-20969

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Umbrella Dashboard
Vendor: CVE Published:; 4 November 2022

Badges

👾 Exploit Exists

Summary

A cross-site scripting vulnerability exists in the management dashboard pages of Cisco Umbrella, allowing an authenticated remote attacker to submit unsanitized input. By exploiting this weakness, the attacker can execute arbitrary JavaScript code in the context of the dashboard interface. This may lead to the execution of malicious scripts or unauthorized access to sensitive information stored in the user's browser. Users of Cisco Umbrella are urged to remain cautious of potentially harmful links and ensure that they are using the latest security updates to mitigate this risk.

Affected Version(s)

Cisco Umbrella Dashboard

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Nov 4, 2022
Vulnerability Reserved
Nov 2, 2021