Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-6g9h-226r-qp89

Опубликовано: 27 сент. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 4.3

Описание

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.

This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.

This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

Ссылки

EPSS

Процентиль: 24%
0.00081
Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2023-20179

Дефекты

CWE-79
CWE-80

Связанные уязвимости

nvd логотип

CVE-2023-20179

CVSS3: 4.3
nvd
больше 2 лет назад

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

fstec логотип

BDU:2023-06247

CVSS3: 4.3
fstec
больше 3 лет назад

Уязвимость веб-интерфейса управления централизованной системы управления сетью Cisco Catalyst SD-WAN Manager (ранее Cisco SD-WAN vManage), позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 24%
0.00081
Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2023-20179

Дефекты

CWE-79
CWE-80