CVE-2020-3491

Name of the Vulnerable Software and Affected Versions Cisco Vision Dynamic Signage Director (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The issue exists because the interface does not properly validate user-supplied input, allowing an attacker to insert malicious data into a specific data field and potentially execute arbitrary script code or access sensitive browser-based information.

Recommendations To resolve the issue, update the Cisco Vision Dynamic Signage Director to a version that properly validates user-supplied input in the web-based management interface. As a temporary workaround, consider restricting access to the interface to minimize the risk of exploitation. Additionally, ensure that only trusted users with administrative privileges have access to the interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.