Tuesday, December 1, 2015

Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.

The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/1TrS2dk

from Cisco Security Advisory http://ift.tt/1TrS2dk
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)