QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-1882

Back to search

CVE-2019-1882

Published: Jun 5, 2019

Modified: Nov 21, 2024

PUBLISHED

CVSS v3.0

5.4

MEDIUM

Description

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks.

VendorProductVersions

Cisco

Cisco Industrial Network Director

affected
1.5(0.250)

Weaknesses (CWE)

CWE-79

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

108629
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now