Guest

Preview Tool

Cisco Bug: CSCuq80661 - Cisco Prime Security Manager Cross Site Scripting Vulnerability

Last Modified

Aug 11, 2015

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

9.2(1.4.5)

Description (partial)



Symptom:


A vulnerability in the web framework of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site 
scripting (XSS) attack against a user of the web interface on the affected system.



Conditions:


An attacker who can convince a user to follow an attacker supplied link could cause arbitrary script or HTML code to be executed on the users
browser within the context of the affected site.

The vulnerability is due to insufficient input validation of several parameters in the Access Polices and Device Summary Dashboard related HTML 
pages.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.