CVE-2022-20969

2022-11-0418:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cisco

umbrella

vulnerability

cve-2022-20969

cross-site scripting

xss

nvd

security

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.2%

JSON

A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard.

This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

Affected configurations

NVD

Node

ciscoumbrellaMatch003.003\(000\)

CPENameOperatorVersion
cisco:umbrellacisco umbrellaeq003.003\(000\)

CPE	Name	Operator	Version
cisco:umbrella	cisco umbrella	eq	003.003\(000\)

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Umbrella Dashboard",
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  }
]