Cisco Bug: CSCul56331 - PRSM: Policy Name HTML injection
Last Modified
Aug 06, 2018
Products (1)
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
9.2(1.1.48)
Description (partial)
Symptom: HTML char were not escaped properly when a new policy was created. This could lead to a HTML code being rendered when deleting a policy with a name containing HTML. Conditions: The issue is only with HTML car. No Javascript or other executable code can be injected via this method. A user would need to have access to the device and be able to create a new policy.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases