CVE-2022-20802: XSS
First published: Fri May 27 2022(Updated: )
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Enterprise Chat and Email | <12.6\(1\)es2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-20802?
CVE-2022-20802 is a vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) that allows an authenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
How does CVE-2022-20802 occur?
CVE-2022-20802 occurs due to insufficient validation of user-supplied input that is processed by the web interface of Cisco Enterprise Chat and Email (ECE).
What is the severity of CVE-2022-20802?
CVE-2022-20802 has a severity rating of 5.4, which is considered medium.
What software is affected by CVE-2022-20802?
The vulnerability affects Cisco Enterprise Chat and Email (ECE) version 12.6(1)es2.
How can CVE-2022-20802 be fixed?
To fix CVE-2022-20802, it is recommended to update to a fixed software version provided by Cisco.
- collector/nvd-index
- agent/references
- vendor/cisco
- canonical/cisco enterprise chat and email