CVE-2018-0367

CVE-2018-0367

Vendor Cisco Systems, Inc.
Product Registered Envelope Service
Weakness CWE-79 · XSS
Published August 15, 2018
Last update November 26, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367.

Key dates

02Disclosure timeline

August 15, 2018 CVE published
November 26, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter CVE-2025-43783 CVE-2025-13977 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-3213 Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014 CVE-2026-34816 Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting