Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Unified Intelligence Center Remote File Injection Vulnerability
Vulnerability Description
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.
CVSS Information
N/A
Vulnerability Type
对资源描述符的控制不恰当(资源注入)
Vulnerability Title
Cisco Unified Intelligence Center 安全漏洞
Vulnerability Description
Cisco Unified Intelligence Center是美国思科(Cisco)公司的一套基于Web的报表平台。该平台提供报告相关的业务数据和呼叫中心数据的展示功能。 Cisco Unified Intelligence Center 12.0(1)版本中存在安全漏洞。远程攻击者可通过迫使用户加载恶意的小工具利用该漏洞获取敏感信息(例如,当前用户凭证)或操纵Cisco Unified Intelligence Center与浏览器之间的数据。
CVSS Information
N/A
Vulnerability Type
N/A