CVE-2014-3367

Name of the Vulnerable Software and Affected Versions Cisco Nexus 1000V InterCloud for VMware (affected versions not specified)

Description The issue is related to a cross-site scripting (XSS) vulnerability in the vCloud Director component, allowing remote attackers to inject arbitrary web script or HTML via an unspecified value. This is due to insufficient input validation of a user-supplied value. An attacker could exploit this by convincing a user to click a specific link, potentially directing them to a malicious site. The attacker may use misleading language or instructions to persuade the user to follow the provided link.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.