Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/54891?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54891?format=api", "vulnerability_id": "VCID-43g8-9z2b-2fa2", "summary": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", "aliases": [ { "alias": "CVE-2024-20273" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57516", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20273" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", "reference_id": "cisco-sa-fmc-xss-dhJxQYZs", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:40:06Z/" } ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", "reference_id": "cisco-sa-fmc-xss-M446vbEO", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:40:06Z/" } ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", "reference_id": "viewErp.x?alertId=ERP-75300", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:40:06Z/" } ], "url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." } ], "exploits": [], "severity_range_score": "6.1 - 6.1", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43g8-9z2b-2fa2" }