CVE-2018-0208
A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CSCvg74126.
EPSS 0.25% · 48.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | email_encryption | 5.3.0 |
| n/a | Cisco Registered Envelope Service | Cisco Registered Envelope Service |
Exploit Intelligence
- Cve 2018-0208 (github-poc-repo)
- Cve 2018-0208 (github-poc-repo)
- Cve 2018-0208 (github-poc-repo)
- Cve 2018-0208 (github-poc-repo)
- Cve 2018-0208 (github-poc-repo)
- Cve 2018-0208 (github-poc)
- Cve 2018-0208 (github-poc)
- Cve 2018-0208 (github-poc)
- Cve 2018-0208 (github-poc)
- 103337 (circl)
…and 1 more exploits
Timeline
- Mar 8, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score