NVD:CVE-2023-20228
Aug 16, 2023 - 9:15 p.m.

CVE-2023-20228

2023-08-16 21:15:09
CWE-79
CWE-80
web.nvd.nist.gov
cisco integrated management controller
cross-site scripting
user input validation
web-based interface

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 27.1%

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

Affected configurations

NVD

Node
  cisco  encs_5100_firmware  Range 3.23.2.15.1
  AND
  cisco  encs_5100  Match -
Node
  cisco  encs_5400_firmware  Range 3.23.2.15.1
  AND
  cisco  encs_5400  Match -
Node
  cisco  ucs_c220_m5_rack_server_firmware  Range 4.24.3.2.230207
  AND
  cisco  ucs_c220_m5_rack_server  Match -
Node
  cisco  ucs_e160s_m3_firmware  Range <3.2.15.1
  AND
  cisco  ucs_e160s_m3  Match -
Node
  cisco  ucs_e180d_m3_firmware  Range <3.2.15.1
  AND
  cisco  ucs_e180d_m3  Match -
Node
  cisco  ucs-e1120d-m3_firmware  Range <3.2.15.1
  AND
  cisco  ucs-e1120d-m3  Match -
