CVE-2015-4270 — Cross-site Scripting in Cisco Firesight System Software

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 50.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software

Timeline

PublishedJul 14

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/firesight_system_software5.3.1.5, 6.0.0+1

🔴Vulnerability Details

GHSA

GHSA-vv8w-vhh3-w2fc: Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5↗2022-05-17

▶

CVEList

CVE-2015-4270: Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5↗2015-07-14

▶

📋Vendor Advisories

Cisco

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities↗2015-07-13

▶