Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface.

 

The vulnerabilities are due to improper sanitization of parameter values. An attacker could exploit these vulnerabilities by injecting malicious code into an affected parameter and persuading a user to access a web page that requires reading or executing the parameter.

 

Pages