CVE-2020-3464 MEDIUM

CVE-2020-3464: Cisco UCS Director Stored Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco UCS Director
Weakness CWE-79 · XSS
Published August 17, 2020
Last update November 13, 2024
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need administrative credentials on the affected device.

Key dates

02Disclosure timeline

August 17, 2020 CVE published
November 13, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-50548 WordPress Awesome Progress Bar plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability CVE-2025-3670 KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter CVE-2024-11866 BMLT Tabbed Map <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1265 CodeAstro University Management System Attendance Management att_add.php cross site scripting CVE-2026-5191 Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-image-title'