Preview Tool

Cisco Bug: CSCun50687 - Cisco Prime Security Manager Cross Site Scripting Vulnerability

Last Modified

Sep 23, 2017

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

9.2(1.2.50) 9.2(1.2.69)

Description (partial)

Cisco Prime Security Manager is vulnerable to Cross Site Scripting (XSS) attacks.

Default configuration.

Multiple dashboard page components lack of sanitation on the URL parameters, which allows an attacker to inject HTML/JavaScript.

Affected pages (/dashboard/dashboardpage/<page>):
* ASATrafficDashboard
* Dashboard
* DeviceSummaryDashboard
* Domains
* MaliciousTrafficDashboard
* Policies
* ThreatProtection
* Urls
* Userdevices
* Users
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.