漏洞标题
N/A
漏洞描述信息
Cisco 注册 envelope 服务(一个云服务)的网页界面存在多个漏洞,可能导致无验证的远程攻击者进行跨站脚本攻击(XSS)或将受影响的服务的用户引导到不必要的网页。这些漏洞是由于受影响服务基于网页的管理界面对用户提供输入验证不足造成的。攻击者可以通过说服用户点击恶意链接或发送一个HTTP请求,使得受影响的服务将请求重定向到指定的恶意URL上。成功利用这些漏洞可以让攻击者在该系统中的网页界面中执行任意脚本代码,或者让攻击者访问受影响系统中的敏感浏览器信息。这些漏洞也可以在未经用户同意的情况下将用户引导到恶意网站的攻击中使用。Cisco bug ID: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.
CVSS信息
N/A
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Cisco Registered Envelope Service 跨站脚本漏洞
漏洞描述信息
Cisco Registered Envelope Service是美国思科(Cisco)公司的一套邮件服务解决方案。该产品包括邮件的读取回执、邮件回收、邮件转发和回复功能,并提供智能手机支持。 Cisco Registered Envelope Service中存在跨站脚本漏洞,该漏洞源于程序没有充分的验证用户提交的数据。远程攻击者可通过诱使用户点击恶意链接或通过发送HTTP请求利用该漏洞在受影响系统的Web界面的上下文中执行任意脚本代码或访问基于浏览器的敏感信息。
CVSS信息
N/A
漏洞类别
跨站脚本