Cisco Integrated Management Controller Cross-Site Scripting Vulnerability CVE-2017-6618
- CVSSv3 Score
- Vulnerability description
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack.
- Risk description
The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system.
Update to version 3.0.1d or later.
- Not available