2 matches found
Cross site scripting
Cisco Prime Infrastructure 2.22 does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCuw65846, a different...
CVE-2015-6434
Cisco Prime Infrastructure is affected by CVE-2015-6434 due to improper restriction of IFRAME elements in its web interface, enabling remote attackers to perform clickjacking via a crafted site. Root cause: insufficient HTML iframe protection (XFS). Impact: client-side browser attacks may be poss...