A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-04-18T00:30:16.195205Z
Updated: 2024-09-16T18:39:14.219Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1792
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-04-18T01:29:02.343
Modified: 2023-03-24T18:13:46.850
Link: CVE-2019-1792
Redhat
No data.