{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T11:56:26.295","vulnerabilities":[{"cve":{"id":"CVE-2017-6776","sourceIdentifier":"psirt@cisco.com","published":"2017-08-17T20:29:00.620","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1)."},{"lang":"es","value":"Una vulnerabilidad en el framework red de Cisco Elastic Services Controller (ESC) podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de tipo Cross-Site Scripting (XSS) contra un usuario de dicha interfaz. La vulnerabilidad se debe a la validación insuficiente de entrada de datos del usuario por parte del software afectado. Un atacante podría explotar esta vulnerabilidad convenciendo a un usuario de que acceda a un enlace malicioso o interceptando una petición de usuario e inyectando código malicioso en la petición. Si se explota esta vulnerabilidad con éxito, el atacante podría ejecutar código de script arbitrario en el contexto del sitio afectado o permitir que el atacante pueda acceder a información sensible del navegador. Cisco Bug IDs: CSCvd76324. Versiones afectadas conocidas: 2.2(9.76) and 2.3(1)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:elastic_services_controller:2.2\\(9.76\\):*:*:*:*:*:*:*","matchCriteriaId":"E20A8B43-6D8F-468D-8194-0D8125742D39"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:elastic_services_controller:2.3\\(1\\):*:*:*:*:*:*:*","matchCriteriaId":"053E82A5-8630-4197-B428-69B0E0E5E1F3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/100370","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/100370","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}