Cisco Bug: CSCuq80661 - Cisco Prime Security Manager Cross Site Scripting Vulnerability
Aug 11, 2015
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
Symptom: A vulnerability in the web framework of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. Conditions: An attacker who can convince a user to follow an attacker supplied link could cause arbitrary script or HTML code to be executed on the users browser within the context of the affected site. The vulnerability is due to insufficient input validation of several parameters in the Access Polices and Device Summary Dashboard related HTML pages.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases