CVE-2021-1582

Summary

CVE	CVE-2021-1582
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-25 20:15:00 UTC
Updated	2023-11-07 03:28:00 UTC
Description	A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cisco	Application Policy Infrastructure Controller	All	All	All	All
Application	Cisco	Cloud Application Policy Infrastructure Controller	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability	CISCO	tools.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317029 Cisco Application Policy Infrastructure Controller (APIC) Stored Cross-Site Scripting Vulnerability (cisco-sa-capic-scss-bFT75YrM)