CVE-2019-1670— Cisco Unified Intelligence Center 跨站脚本漏洞

Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Cisco Unified Intelligence Center 跨站脚本漏洞

Cisco Unified Intelligence Center是美国思科（Cisco）公司的一套基于Web的报表平台。该平台提供报告相关的业务数据和呼叫中心数据的展示功能。 Cisco Unified Intelligence Center 9.5(1)版本中的基于Web的管理界面存在跨站脚本漏洞，该漏洞源于程序没有充分地验证用户提交的值。远程攻击者可通过诱使该界面用户点击链接利用该漏洞向受影响系统提交任意请求。

N/A

N/A