Skip to main content

Unified Computing System Central Software CVE-2016-1401

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-05-21 psirt@cisco.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 21, 2016 - 01:59 cve.org
MEDIUM 6.1

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. Affected products include: Cisco Unified Computing System Central Software.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-0701 CRITICAL
10.0 May 07

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP reque

CVE-2016-1352 CRITICAL
9.8 Apr 14

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary O

CVE-2018-0113 HIGH
8.8 Feb 08

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute ar

CVE-2018-0094 HIGH
7.5 Jan 18

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote

CVE-2014-0730 MEDIUM
6.8 Feb 22

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI co

CVE-2017-12349 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2017-12348 MEDIUM
5.4 Nov 30

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attack

CVE-2015-6388 MEDIUM
5.0 Dec 05

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request fo

CVE-2015-4286 MEDIUM
5.0 Jul 29

The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted

CVE-2015-6387 MEDIUM
4.3 Dec 05

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote

CVE-2021-1354 LOW
3.5 Feb 04

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could a

Share

CVE-2016-1401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy