A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
21 Nov 2024, 07:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr - Vendor Advisory |
31 Aug 2023, 15:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
References | (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr - Vendor Advisory | |
First Time |
Cisco ucs E160s M3
Cisco encs 5400 Cisco ucs C220 M5 Rack Server Firmware Cisco encs 5100 Firmware Cisco ucs E180d M3 Cisco encs 5400 Firmware Cisco ucs C220 M5 Rack Server Cisco encs 5100 Cisco ucs E160s M3 Firmware Cisco ucs E180d M3 Firmware Cisco ucs-e1120d-m3 Cisco ucs-e1120d-m3 Firmware Cisco |
|
CPE | cpe:2.3:h:cisco:ucs_c220_m5_rack_server:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ucs_e180d_m3:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ucs_e180d_m3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ucs_e160s_m3:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ucs-e1120d-m3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:encs_5400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:encs_5100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ucs_c220_m5_rack_server_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ucs_e160s_m3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
16 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-16 21:15
Updated : 2024-11-21 07:40
NVD link : CVE-2023-20228
Mitre link : CVE-2023-20228
CVE.ORG link : CVE-2023-20228
JSON object : View
Products Affected
cisco
- encs_5400
- ucs_e180d_m3_firmware
- ucs_e160s_m3_firmware
- ucs_c220_m5_rack_server_firmware
- ucs-e1120d-m3_firmware
- ucs_e160s_m3
- ucs_c220_m5_rack_server
- ucs-e1120d-m3
- ucs_e180d_m3
- encs_5100
- encs_5400_firmware
- encs_5100_firmware