CVE-2019-1856
Summary
| CVE | CVE-2019-1856 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-05-03 17:29:00 UTC |
| Updated | 2019-05-06 08:29:00 UTC |
| Description | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to the insufficient validation of data supplied by external devices to the web-based management interface of an affected PCA device. An attacker in control of devices integrated with an affected PCA device could exploit this vulnerability by using crafted data in certain fields of the controlled devices. A successful exploit could allow the attacker to execute arbitrary script code in the context of the PCA web-based management interface or allow the attacker to access sensitive browser-based information. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Prime Collaboration Assurance | 12.1 | All | All | All |
| Application | Cisco | Prime Collaboration Assurance | 12.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Prime Collaboration Assurance CVE-2019-1856 Cross Site Scripting Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.