VDB
CVE-2022-20969
CVE-2022-20969
PUBLISHED
CVSS 4.800000190734863 MEDIUM
A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.
EPSS 0.13% · 32.4th percentile
Risk Scores
CVSS 3.1
4.800000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.13%
32.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | umbrella | * |
| Cisco | Cisco Umbrella Dashboard | * |
Exploit Intelligence
- cisco-sa-umbrella-xss-LfeYQV3 (circl)
Timeline
- Nov 3, 2022 CVE Published
- Nov 5, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Jan 30, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 15, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Sep 3, 2023 EPSS Score
- Oct 16, 2023 EPSS Score