Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)

Cisco UCS Director 跨站脚本漏洞

Cisco UCS Director是美国思科（Cisco）公司的一套私有云基础架构即服务（IaaS）的异构平台。 Cisco UCS Director 存在安全漏洞，该漏洞源于未经处理的用户输入造成的。 攻击者可以通过向受影响的 Web 应用程序提交自定义 JavaScript 来利用此漏洞。 成功的利用可能允许攻击者重写网页内容，访问存储在应用程序中的敏感信息，并通过提交表单来更改数据。

N/A

N/A