Cross-Site Scripting Vulnerabilities in Cisco Prime Security Manager by Cisco
CVE-2014-3365

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Security Manager
Vendor: CVE Published:; 12 February 2015

Summary

Cisco Prime Security Manager (PRSM) versions up to 9.2.x are susceptible to multiple cross-site scripting vulnerabilities that enable remote attackers to inject arbitrary web script or HTML. This can occur through malicious input submitted to certain pages such as the Dashboard or Configure Realm page. Attackers leveraging this vulnerability can execute unauthorized scripts in the context of a user session, potentially leading to data theft and unauthorized actions within the application.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/100756

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 12, 2015
Vulnerability Reserved
May 7, 2014