← Back

CVE-2021-1582

nvd nist
Published: Aug 25, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.

Affected (6)

Cisco
2 products
Application Policy Infrastructure Controller
Cloud Application Policy Infrastructure Controller
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Application Policy Infrastructure Controller
Before 3.2\(10f\)
Application Policy Infrastructure Controller
From 4.0 to 4.2\(7i\)
Application Policy Infrastructure Controller
From 5.0 to 5.2\(2f\)
Cisco
Cloud Application Policy Infrastructure Controller
Before 3.2\(10f\)
Cloud Application Policy Infrastructure Controller
From 4.0 to 4.2\(7i\)
Cloud Application Policy Infrastructure Controller
From 5.0 to 5.2\(1h\)

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.