A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.
This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2023-09-27T17:24:32.381Z
Updated: 2024-01-25T16:57:50.945Z
Reserved: 2022-10-27T18:47:50.363Z
Link: CVE-2023-20179
JSON object: View
NVD Information
Status : Modified
Published: 2023-09-27T18:15:10.987
Modified: 2024-01-25T17:15:32.757
Link: CVE-2023-20179
JSON object: View
Redhat Information
No data.