CVE-2017-12254

CVE Database · CVE-2017-12254

CVE-2017-12254

· N/AModified

CVSS v3.1

N/A

EPSS

2.34%

Published

Sep 21, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (1)

cisco · unified_intelligence_centervulnerable

References (6)

http://www.securityfocus.com/bid/100922

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039410

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2

Vendor Advisory

http://www.securityfocus.com/bid/100922

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039410

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2

KEV Catalog EPSS Scores Vendors All CVEs