CVE-2018-15451

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

Severity	MEDIUM
CVSS	5.4
CWE	CWE-79
KEV
Published	7 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco RV Series Routers	cisco-sa-20181107-psc-xss
Cisco Nexus Dashboard	cisco-sa-20181107-psc-xss
8110 Series Broadband Network Termination Units	cisco-sa-20181107-psc-xss
Cisco Prime Service Catalog	cisco-sa-20181107-psc-xss