A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:41
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory |
24 Jan 2024, 18:43
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
| CWE | CWE-79 | |
| First Time |
Cisco prime Infrastructure
Cisco Cisco evolved Programmable Network Manager |
|
| CPE | cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:* cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* |
17 Jan 2024, 17:35
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-17 17:15
Updated : 2024-11-21 07:41
NVD link : CVE-2023-20257
Mitre link : CVE-2023-20257
CVE.ORG link : CVE-2023-20257
JSON object : View
Products Affected
cisco
- prime_infrastructure
- evolved_programmable_network_manager