CVE-2017-6776

Description

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1).

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.164

Associated Vulnerability

Vulnerability	OS Platform
Cisco Elastic Services Controller Cross-Site Scripting Vulnerability For Cisco Elastic Services Controller	NCM
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2017-6776)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1700559	Security Update for Cisco Elastic Services Controller 5.3(0.102)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234