CVE-2017-6789

Name of the Vulnerable Software and Affected Versions Cisco Unified Intelligence Center version 11.0(1)ES10

Description A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The issue occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this by sending crafted URLs that contain malicious DOM statements to the affected system, potentially allowing the attacker to manipulate the database.

Recommendations For Cisco Unified Intelligence Center version 11.0(1)ES10, update the software to a version that includes the fix for the issue, as the current version is affected by the DOM-based XSS vulnerability.