Preview Tool

Cisco Bug: CSCuq80661 - Cisco Prime Security Manager Cross Site Scripting Vulnerability

Last Modified

Sep 13, 2019

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases


Description (partial)


A vulnerability in the web framework of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site 
scripting (XSS) attack against a user of the web interface on the affected system.


An attacker who can convince a user to follow an attacker supplied link could cause arbitrary script or HTML code to be executed on the users
browser within the context of the affected site.

The vulnerability is due to insufficient input validation of several parameters in the Access Polices and Device Summary Dashboard related HTML 

Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.