Cisco Prime NCS and WCS Health Monitor Login pages contain a reflected cross-site scripting (XSS) vulnerability (CWE-79).
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) Health Monitor Login pages contain an input validation error which results in a reflected cross-site scripting vulnerability that can allow an attacker to inject arbitrary HTML content (including script).
We are currently unaware of a practical solution to this problem.
Thanks to Tenable Network Security for reporting this vulnerability.
This document was written by Adam Rauf.
|Date First Published:||2013-09-03|
|Date Last Updated:||2013-09-13 19:22 UTC|