Lucene search
PRIOn knowledge basePRION:CVE-2023-20179HistorySep 27, 2023 - 6:15 p.m.
Input validation
2023-09-2718:15:00
PRIOn knowledge base
www.prio-n.com
3
cisco
catalyst sd-wan manager
web-based
html injection
user validation
remote attacker
browser-based attacks
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.
This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sd-wan_vmanage | ge | 20.7 | |
| sd-wan_vmanage | lt | 20.10 | |
| sd-wan_vmanage | lt | 20.6.6 |
Related
nessus
nessus
nvd
nvd
CVE-2023-20179
2023-09-27 18:15:10
cnvd
cnvd
Cisco Catalyst SD-WAN Manager HTML Injection Vulnerability
2023-10-07 00:00:00
cve
cve
CVE-2023-20179
2023-09-27 18:15:10
cisco
cisco
Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability
2023-09-27 16:00:00
cvelist
cvelist
CVE-2023-20179
2023-09-27 17:24:32