CISCO : Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106970

Categoría: CISCO

Título: Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability

Resumen: A vulnerability in the web portal of the Cisco Prime Collaboration;Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS);attack against a user of the web interface of an affected system.

Descripción: Summary:
A vulnerability in the web portal of the Cisco Prime Collaboration
Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)
attack against a user of the web interface of an affected system.

Vulnerability Insight:
The vulnerability is due to insufficient input validation of a user-supplied
value. An attacker could exploit this vulnerability by sending malicious JavaScript code to the PCP administrative
UI.

Vulnerability Impact:
A successful exploit could allow the attacker to perform actions as a
higher-level administrator.

Solution:
Update to version 12.1.0.692 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6755
BugTraq ID: 99878
http://www.securityfocus.com/bid/99878
http://www.securitytracker.com/id/1038960

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106970
Categoría:	CISCO
Título:	Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
Resumen:	A vulnerability in the web portal of the Cisco Prime Collaboration;Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS);attack against a user of the web interface of an affected system.
Descripción:	Summary: A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. Vulnerability Insight: The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by sending malicious JavaScript code to the PCP administrative UI. Vulnerability Impact: A successful exploit could allow the attacker to perform actions as a higher-level administrator. Solution: Update to version 12.1.0.692 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6755 BugTraq ID: 99878 http://www.securityfocus.com/bid/99878 http://www.securitytracker.com/id/1038960
Copyright	Copyright (C) 2017 Greenbone AG