CVE-2022-20765 MEDIUM

CVE-2022-20765: Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability

Vendor: Cisco
Product: Cisco UCS Director
Weakness: CWE-80 · XSS · basic
Published: May 27, 2022
Last update: November 6, 2024

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

Description

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.

Key dates

Disclosure timeline

May 27, 2022: CVE published
November 6, 2024: Record updated