CVE-2016-1293

Опубликовано: 16 янв. 2016

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
Vendor Advisory
http://www.securitytracker.com/id/1034689
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
Vendor Advisory
http://www.securitytracker.com/id/1034689
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00229

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-945r-v7jc-f447