How severe is CVE-2020-3491?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2020-3491?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2020-3491 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device.

Related Vulnerabilities

CVE-2004-1865

MEDIUM

CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name (...

CWE-792004

CVE-2010-2472

MEDIUM

CVSS:4.8(Medium)

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which co...

CWE-792010

CVE-2011-3352

MEDIUM

CVSS:4.8(Medium)

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula admi...

CWE-792011

CVE-2012-1637

MEDIUM

CVSS:4.8(Medium)

Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.

CWE-792012

CVE-2012-1932

MEDIUM

CVSS:4.8(Medium)

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.

CWE-792012

CVE-2012-2078

MEDIUM

CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.

CWE-792012