Cisco Industrial Network Director Cross-Site Scripting Vulnerability

2017-06-07T16:00:00
ID CISCO-SA-20170607-IND
Type cisco
Reporter Cisco
Modified 2017-06-06T16:45:30

Description

A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system.

The vulnerability is due to insufficient validation of certain user-supplied input passed in the URL of an affected page. An attacker who can convince a user to follow a malicious link or visit an attacker-controlled website could cause arbitrary HTML or script code to be executed in the context of the affected site in the user’s browser. This could result in the attacker gaining the ability to disclose potentially sensitive information from the browser or modify the visual and operational conditions of the rendered URL.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind