Vulnerability Details CVE-2022-20631
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2022-20631
- cpe:2.3:a:cisco:enterprise_chat_and_email:-
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.5(1)
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es10
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es11
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es2
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es3
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es4
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es5
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es6
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es7
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es8
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es9
- cpe:2.3:a:cisco:enterprise_chat_and_email:11.6(1)es9a
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es1
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es2
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es3
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es4
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es5
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es5a
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es6
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0(1)es6_et1
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)es1
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)es2
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)es3
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)es3_et1
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)es9
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5(1)et1
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.6(1)