A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.
History

Mon, 23 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-27T17:24:32.381Z

Updated: 2024-09-23T15:05:43.568Z

Reserved: 2022-10-27T18:47:50.363Z

Link: CVE-2023-20179

cve-icon Vulnrichment

Updated: 2024-08-02T09:05:35.783Z

cve-icon NVD

Status : Modified

Published: 2023-09-27T18:15:10.987

Modified: 2024-11-21T07:40:45.417

Link: CVE-2023-20179

cve-icon Redhat

No data.