Описание
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cisco:prime_infrastructure:2.2\(2\):*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00238
Низкий
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.
EPSS
Процентиль: 47%
0.00238
Низкий
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-284