Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability

Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting vulnerability (XSS) in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform a XSS attack.

The vulnerability is due to mishandling of certain attributes that are processed in cookies passed as part of a request. A successful exploit could allow the attacker to execute arbitrary script or HTML code on the user’s browser in the context of the affected site.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1”]