Cisco Bug: CSCtb79198 - Stored Cross Site Scripting into Look & Feel Portlet Configuration
Feb 21, 2017
- CiscoWorks LMS Portal
Known Affected Releases
Symptom: A Stored Cross Site Scripting issue exists in CiscoWorks 3.2 private portal section. Conditions: Authenticated users can custom the Look & Feel portlets in LMS 1.2. Malicious scripts contained in a web page, link, email, etc. can be executed into a CiscoWorks authenticated user browser session.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases