Cross-Site Scripting Vulnerabilities in Cisco Common Services
CVE-2015-0594

Currently unrated

Key Information:

Vendor: Cisco
Status: Security Manager; Prime Lan Management Solution
Vendor: CVE Published:; 27 February 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the help pages of Cisco Common Services, affecting products like Cisco Prime LAN Management Solution and Cisco Security Manager. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through unspecified input parameters, potentially compromising the integrity of the web applications. Users of affected products should review security guidelines and apply necessary patches to mitigate these risks.

References

http://www.securitytracker.com/id/1031813

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id/1031814

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 27, 2015
Vulnerability Reserved
Jan 7, 2015