VDB
CVE-2021-1582
CVE-2021-1582
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.
EPSS 0.17% · 38.0th percentile
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.17%
38.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | application_policy_infrastructure_controller | 0, 4.0, 5.0 |
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) | n/a |
| cisco | cloud_application_policy_infrastructure_controller | 0, 4.0, 5.0 |
Exploit Intelligence
Timeline
- Aug 25, 2021 CVE Published
- Aug 26, 2021 EPSS Score
- Oct 23, 2021 EPSS Score
- Dec 20, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 17, 2022 EPSS Score
- Apr 16, 2022 EPSS Score
- Jun 13, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 8, 2022 EPSS Score
- Dec 5, 2022 EPSS Score
- Feb 2, 2023 EPSS Score