CVE-2023-20228
PUBLISHED
CVSS 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
EPSS 0.10% · 27.1th percentile
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.10%
27.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine Software | N/A |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2c), 3.1(2d), 3.1(2e) |
| cisco | ucs_e180d_m3_firmware | 0 |
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) | 2.1.0, 3.2.2, 3.2.4 |
| cisco | encs_5400_firmware | 3.2 |
| cisco | ucs_c220_m5_rack_server_firmware | 4.2 |
| cisco | ucs_e160s_m3_firmware | 0 |
| cisco | encs_5100_firmware | 3.2 |
| cisco | ucs-e1120d-m3_firmware | 0 |
Exploit Intelligence
- cisco-sa-cimc-xss-UMYtYEtr (circl)
Timeline
- Aug 16, 2023 CVE Published
- Aug 18, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
- Dec 29, 2023 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 5, 2024 EPSS Score
- Apr 7, 2024 EPSS Score
- May 10, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 16, 2024 EPSS Score