CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-6337

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile28.34th
Published2016年1月26日
Last Modified2026年5月6日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.

Affected Platforms (CPE)

📦
Cisco

Application Policy Infrastructure Controller Enterprise Module

= 1.0.10
📦
Cisco

Application Policy Infrastructure Controller Enterprise Module

= 1.0_ga

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api
🔗 http://www.securitytracker.com/id/1034827
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api
🔗 http://www.securitytracker.com/id/1034827

相关漏洞威胁

CVE-2017-122628.8

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (API...

CVE-2016-13658.8

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote a...

CVE-2016-13867.5

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof ...

CVE-2017-38737.5

A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Ligh...