PT-2018-8646 · Cisco · Cisco Integrated Management Controller Supervisor+1

Published: 2018-06-07 · Updated: 2019-10-09 · CVE-2018-0149

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller Supervisor Software (affected versions not specified); Cisco UCS Director Software (affected versions not specified)
Description: A stored cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied input by the web-based management interface. This could allow an authenticated, remote attacker to conduct a DOM-based XSS attack against a user of the interface. The attacker could exploit this by persuading a user to click a malicious link, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive browser-based information.
Recommendations: For Cisco Integrated Management Controller Supervisor Software, update to a version that addresses the issue, specifically fixing Cisco Bug ID CSCvh12994. For Cisco UCS Director Software, update to a version that addresses the issue, specifically fixing Cisco Bug ID CSCvh12994.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-0149

Affected Products

Cisco Integrated Management Controller Supervisor
Cisco UCS Director