Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface.
 
The vulnerabilities are due to improper sanitization of parameter values. An attacker could exploit these vulnerabilities by injecting malicious code into an affected parameter and persuading a user to access a web page that requires reading or executing the parameter.

Cisco released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
