CVE-2022-20765: Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
First published: Fri May 27 2022(Updated: )
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco UCS Director | <6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco UCS Director vulnerability?
The vulnerability ID for this Cisco UCS Director vulnerability is CVE-2022-20765.
What is the severity level of CVE-2022-20765?
CVE-2022-20765 has a severity level of medium.
What is the affected software for CVE-2022-20765?
The affected software for CVE-2022-20765 is Cisco UCS Director version up to 6.6.
What is the CWE ID associated with CVE-2022-20765?
The CWE ID associated with CVE-2022-20765 is CWE-79 and CWE-80.
How can an attacker exploit CVE-2022-20765?
An attacker can exploit CVE-2022-20765 by conducting a cross-site scripting attack on an affected system using unsanitized user input.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/cisco
- canonical/cisco ucs director