CVE-2023-20228

Summary

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Identity Services Engine SoftwareN/Aaffected
CiscoCisco Unified Computing System (Standalone)3.1(1d)affected
CiscoCisco Unified Computing System (Standalone)3.1(2b)affected
CiscoCisco Unified Computing System (Standalone)3.1(2c)affected
CiscoCisco Unified Computing System (Standalone)3.1(2d)affected
CiscoCisco Unified Computing System (Standalone)3.1(2e)affected
CiscoCisco Unified Computing System (Standalone)3.1(2g)affected
CiscoCisco Unified Computing System (Standalone)3.1(2i)affected
CiscoCisco Unified Computing System (Standalone)3.1(3a)affected
CiscoCisco Unified Computing System (Standalone)3.1(3b)affected
CiscoCisco Unified Computing System (Standalone)3.1(3c)affected
CiscoCisco Unified Computing System (Standalone)3.1(3d)affected
CiscoCisco Unified Computing System (Standalone)3.1(3g)affected
CiscoCisco Unified Computing System (Standalone)3.1(3h)affected
CiscoCisco Unified Computing System (Standalone)3.1(3i)affected
CiscoCisco Unified Computing System (Standalone)3.1(3j)affected
CiscoCisco Unified Computing System (Standalone)3.1(3k)affected
CiscoCisco Unified Computing System (Standalone)4.0(1.240)affected
CiscoCisco Unified Computing System (Standalone)4.0(1a)affected
CiscoCisco Unified Computing System (Standalone)4.0(1b)affected
CiscoCisco Unified Computing System (Standalone)4.0(1c)affected
CiscoCisco Unified Computing System (Standalone)4.0(1d)affected
CiscoCisco Unified Computing System (Standalone)4.0(1e)affected
CiscoCisco Unified Computing System (Standalone)4.0(1g)affected
CiscoCisco Unified Computing System (Standalone)4.0(1h)affected
CiscoCisco Unified Computing System (Standalone)4.0(2c)affected
CiscoCisco Unified Computing System (Standalone)4.0(2d)affected
CiscoCisco Unified Computing System (Standalone)4.0(2f)affected
CiscoCisco Unified Computing System (Standalone)4.0(2g)affected
CiscoCisco Unified Computing System (Standalone)4.0(2h)affected
CiscoCisco Unified Computing System (Standalone)4.0(2i)affected
CiscoCisco Unified Computing System (Standalone)4.0(2l)affected
CiscoCisco Unified Computing System (Standalone)4.0(2n)affected
CiscoCisco Unified Computing System (Standalone)4.0(4b)affected
CiscoCisco Unified Computing System (Standalone)4.0(4c)affected
CiscoCisco Unified Computing System (Standalone)4.0(4d)affected
CiscoCisco Unified Computing System (Standalone)4.0(4e)affected
CiscoCisco Unified Computing System (Standalone)4.0(4f)affected
CiscoCisco Unified Computing System (Standalone)4.0(4h)affected
CiscoCisco Unified Computing System (Standalone)4.0(4i)affected
CiscoCisco Unified Computing System (Standalone)4.0(4k)affected
CiscoCisco Unified Computing System (Standalone)4.0(4l)affected
CiscoCisco Unified Computing System (Standalone)4.0(4m)affected
CiscoCisco Unified Computing System (Standalone)4.0(2o)affected
CiscoCisco Unified Computing System (Standalone)4.0(2p)affected
CiscoCisco Unified Computing System (Standalone)4.0(4n)affected
CiscoCisco Unified Computing System (Standalone)4.0(2q)affected
CiscoCisco Unified Computing System (Standalone)4.0(2r)affected
CiscoCisco Unified Computing System (Standalone)4.1(1c)affected
CiscoCisco Unified Computing System (Standalone)4.1(1d)affected
CiscoCisco Unified Computing System (Standalone)4.1(1f)affected
CiscoCisco Unified Computing System (Standalone)4.1(1g)affected
CiscoCisco Unified Computing System (Standalone)4.1(2a)affected
CiscoCisco Unified Computing System (Standalone)4.1(1h)affected
CiscoCisco Unified Computing System (Standalone)4.1(2b)affected
CiscoCisco Unified Computing System (Standalone)4.1(2f)affected
CiscoCisco Unified Computing System (Standalone)4.1(2e)affected
CiscoCisco Unified Computing System (Standalone)4.1(3b)affected
CiscoCisco Unified Computing System (Standalone)4.1(2d)affected
CiscoCisco Unified Computing System (Standalone)4.1(3c)affected
CiscoCisco Unified Computing System (Standalone)4.1(3d)affected
CiscoCisco Unified Computing System (Standalone)4.1(2g)affected
CiscoCisco Unified Computing System (Standalone)4.1(3f)affected
CiscoCisco Unified Computing System (Standalone)4.1(2h)affected
CiscoCisco Unified Computing System (Standalone)4.1(2j)affected
CiscoCisco Unified Computing System (Standalone)4.1(2k)affected
CiscoCisco Unified Computing System (Standalone)4.1(2l)affected
CiscoCisco Unified Computing System (Standalone)4.1(3h)affected
CiscoCisco Unified Computing System (Standalone)4.1(3i)affected
CiscoCisco Unified Computing System (Standalone)4.1(3l)affected
CiscoCisco Unified Computing System (Standalone)4.2(1a)affected
CiscoCisco Unified Computing System (Standalone)4.2(1b)affected
CiscoCisco Unified Computing System (Standalone)4.2(1c)affected
CiscoCisco Unified Computing System (Standalone)4.2(1e)affected
CiscoCisco Unified Computing System (Standalone)4.2(1f)affected
CiscoCisco Unified Computing System (Standalone)4.2(1g)affected
CiscoCisco Unified Computing System (Standalone)4.2(1i)affected
CiscoCisco Unified Computing System (Standalone)4.2(1j)affected
CiscoCisco Unified Computing System (Standalone)4.2(2a)affected
CiscoCisco Unified Computing System (Standalone)4.2(2f)affected
CiscoCisco Unified Computing System (Standalone)4.2(2g)affected
CiscoCisco Unified Computing System (Standalone)4.2(3b)affected
CiscoCisco Unified Computing System (Standalone)4.2(3d)affected
CiscoCisco Unified Computing System (Standalone)4.2(3e)affected
CiscoCisco Unified Computing System (Standalone)4.3(1.230097)affected
CiscoCisco Unified Computing System (Standalone)4.3(1.230124)affected
CiscoCisco Unified Computing System (Standalone)4.3(1.230138)affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.1.0affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.4.0affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.4.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.4.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.3affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.4affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.6affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.7affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.10affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.11.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.8affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.11.3affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.11.5affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.12.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.13.6affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.2.14affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.1.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.1.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.1.3affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.1.4affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.1.5affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.1.0affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.0.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.0.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.3.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.3.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.3.3affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.3.5affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.2.1affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.2.2affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.0.0affected
CiscoCisco Unified Computing System E-Series Software (UCSE)2.10affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.06affected
CiscoCisco Unified Computing System E-Series Software (UCSE)3.02affected
CiscoCisco Unified Computing System E-Series Software (UCSE)4.11.1affected

Weaknesses

  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

References