Cisco Security Manager (CSM) is a set of enterprise-level management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. cross-site scripting vulnerability exists in Cisco Security Manager, which stems from the product’s Web-based management interface not effectively handling special characters for user input data. Web-based management interface does not effectively handle special characters for user input data. An attacker could execute arbitrary script code in the context of the interface or access sensitive, browser-based information through this vulnerability.