Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities

2016-01-15T11:00:00
ID CISCO-SA-20160115-FIRESIGHT
Type cisco
Reporter Cisco
Modified 2016-01-15T18:24:52

Description

Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface.

The vulnerabilities are due to improper sanitization of parameter values. An attacker could exploit these vulnerabilities by injecting malicious code into an affected parameter and persuading a user to access a web page that requires reading or executing the parameter.

Cisco released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT