Cisco Prime Service Catalog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvo33891.
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
| Bugtraq ID: | 108836 |
| Class: | Input Validation Error |
| CVE: | CVE-2019-1875 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 19 2019 12:00AM |
| Updated: | Jun 19 2019 12:00AM |
| Credit: | Cisco |
| Vulnerable: | Cisco Prime Service Catalog 12.1 Cisco Prime Service Catalog 12.0 Cisco Prime Service Catalog 11.1.1 Cisco Prime Service Catalog 11.0 |
| Not Vulnerable: | Cisco Prime Service Catalog 12.1 Patch_v10 |
References:
from SecurityFocus Vulnerabilities http://bit.ly/2ItdtOq
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.