Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
Vulnerability Description
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Cisco Enterprise Chat and Email 跨站脚本漏洞
Vulnerability Description
Cisco Enterprise Chat and Email(CEC)是美国思科(Cisco)公司的一套企业聊天和电子邮件解决方案。该产品主要为其它Cisco解决方案提供电子邮件、聊天和Web回调功能等。 Cisco Enterprise Chat and Email(CEC)存在跨站脚本漏洞,该漏洞源于用户验证不足导致提供的输入由Web界面处理。攻击者可以通过向受影响的系统发送精心设计的HTTP请求来利用此漏洞。成功的利用可能允许攻击者在接口上下文中执行任意代码或访问基于浏览器的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A