A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks.
Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link: http://ift.tt/1OJBC1V
from Cisco Security Advisory http://ift.tt/1OJBC1V
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.