CVE-2017-12254

CVE-2017-12254

Vendor N/A

Product Cisco Unified Intelligence Center

Weakness CWE-79 · XSS

Published September 21, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.

Key dates

02Disclosure timeline

September 21, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12254 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE