{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:27:18.627","vulnerabilities":[{"cve":{"id":"CVE-2021-1127","sourceIdentifier":"psirt@cisco.com","published":"2021-01-13T22:15:14.410","lastModified":"2024-11-21T05:43:38.920","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web del software Cisco Enterprise NFV Infrastructure Software (NFVIS), podría permitir a un atacante autenticado remoto conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web. La vulnerabilidad es debido a una comprobación inapropiada de entrada del contenido del archivo de registro almacenado en el dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al modificar un archivo de registro con código malicioso y haciendo que un usuario visualice el archivo de registro modificado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.1","matchCriteriaId":"9A232F87-498C-4564-91FE-A09DD08FD8D6"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}