Description
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
Reserved 2023-11-08 | Published 2024-04-03 | Updated 2024-08-01 | Assigner
ciscoMEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
11.5(1)
affected
11.6(1)
affected
11.6(1)_ES2
affected
11.6(1)_ES3
affected
11.6(1)_ES4
affected
11.6(1)_ES5
affected
11.6(1)_ES6
affected
11.6(1)_ES10
affected
11.6(1)_ES11
affected
11.6(1)_ES7
affected
11.6(1)_ES8
affected
11.6(1)_ES9
affected
11.6(1)_ES9a
affected
11.6(1)_ES12
affected
12.0(1)
affected
12.0(1)_ES1
affected
12.0(1)_ES2
affected
12.0(1)_ES3
affected
12.0(1)_ES4
affected
12.0(1)_ES5
affected
12.0(1)_ES5a
affected
12.0(1)_ES6
affected
12.0(1)_ES6_ET1
affected
12.0(1)_ES6_ET2
affected
12.0(1)_ES6_ET3
affected
12.0(1)_ES7
affected
12.0(1)_ES7_ET1
affected
12.5(1)
affected
12.5(1)_ES1
affected
12.5(1)_ES2
affected
12.5(1)_ES3
affected
12.5(1)_ES3_ET1
affected
12.5(1)_ET1
affected
12.5(1)_ES4
affected
12.5(1)_ES3_ET2
affected
12.5(1)_ES4_ET1
affected
12.5(1)_ES5
affected
12.5(1)_ES5_ET1
affected
12.5(1)_ES6
affected
12.5(1)_ES7
affected
12.5(1)_ES8
affected
12.6(1)
affected
12.6(1)_ET1
affected
12.6(1)_ET2
affected
12.6(1)_ES1
affected
12.6(1)_ET3
affected
12.6(1)_ES1_ET1
affected
12.6(1)_ES2
affected
12.6(1)_ES3
affected
12.6(1)_ES4
affected
12.6(1)_ES4_ET1
affected
12.6(1)_ES5
affected
12.6(1)_ES5_ET1
affected
12.6(1)_ES5_ET2
affected
12.6(1)_ES6
affected
12.6(1)_ES6_ET1
affected
12.6(1)_ES6_ET2
affected
12.6_ES2_ET1
affected
12.6_ES2_ET2
affected
12.6_ES2_ET3
affected
12.6_ES2_ET4
affected
12.6_ES3_ET1
affected
12.6_ES3_ET2
affected
References
sec.cloudapps.cisco.com/...dvisory/cisco-sa-ece-xss-CSQxgxfM (cisco-sa-ece-xss-CSQxgxfM)
cve.org (CVE-2024-20367)
nvd.nist.gov (CVE-2024-20367)
Download JSON