CVE-2017-3866
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-3866
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Prime Service Catalog 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Prime Service Catalog(PSC)是美国思科公司(Cisco)的一套通过单一的门户网站提供所有IT服务的服务目录解决方案。该方案支持自动化订购计算、网络、存储和其他数据中心资源的统一服务目录。 Cisco PSC中的Web框架代码存在跨站脚本漏洞,该漏洞源于程序没有充分的验证传递到Web服务器上的参数。远程攻击者可通过诱使用户访问恶意的链接或拦截用户请求并注入恶意代码利用该漏洞在受影响的站点上下文中执行任意代码或获取基于浏览器的敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Cisco Prime Service Catalog | Cisco Prime Service Catalog | - |
II. Public POCs for CVE-2017-3866
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-3866
请登录查看更多情报信息。
Same Patch Batch · n/a · 2017-03-17 · 51 CVEs total
| CVE-2015-4645 | Squashfs和sasquatch 数字错误漏洞 | |
| CVE-2017-6961 | apng2gif 安全漏洞 | |
| CVE-2017-6967 | xrdp 安全漏洞 | |
| CVE-2017-6969 | GNU Binutils 安全漏洞 | |
| CVE-2017-0074 | Microsoft Windows Hyper-V 安全漏洞 | |
| CVE-2017-0095 | Microsoft Windows Hyper-V 安全漏洞 | |
| CVE-2017-0120 | Microsoft Windows Uniscribe 信息泄露漏洞 | |
| CVE-2017-6966 | GNU Binutils 安全漏洞 | |
| CVE-2017-6954 | WordPress BuddyPress Docs 安全漏洞 | |
| CVE-2015-7313 | Silicon Graphics LibTiff 安全漏洞 | |
| CVE-2017-6955 | WordPress Invite Anyone 安全漏洞 | |
| CVE-2015-3884 | qdPM 输入验证错误漏洞 | |
| CVE-2015-3883 | qdPM 跨站脚本漏洞 | |
| CVE-2015-3882 | qdPM 信息泄露漏洞 | |
| CVE-2015-3881 | qdPM 信息泄露漏洞 | |
| CVE-2014-9854 | ImageMagick 安全漏洞 | |
| CVE-2014-9853 | ImageMagick 安全漏洞 | |
| CVE-2014-9852 | ImageMagick 安全漏洞 | |
| CVE-2014-8723 | Cagintranet Networks GetSimple CMS 安全漏洞 | |
| CVE-2014-8722 | Cagintranet Networks GetSimple CMS 安全漏洞 |
Showing top 20 of 51 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco Prime Service Catalog
- CVE-2022-20680
Cisco Prime Service Catalog Information Disclosure Vulnerabi - CVE-2019-1874
Cisco Prime Service Catalog Cross-Site Request Forgery Vulne - CVE-2019-1875
Cisco Prime Service Catalog Cross-Site Scripting Vulnerabili - CVE-2018-15451
Cisco Prime Service Catalog Cross-Site Scripting Vulnerabili - CVE-2018-0285
Cisco Prime Service Catalog 安全漏洞
V. Comments for CVE-2017-3866
No comments yet