CVE-2015-6354

CWE-79Cross-site Scripting (XSS)CWE-20Improper Input Validation4 documents4 sources
Severity
3.5LOW
EPSS
0.2%
top 59.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firesight System Software
Timeline
PublishedOct 31
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDcisco/firesight_system_software5.4.1.3, 6.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-f525-2v5w-3f55: Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 52022-05-17
CVEList
CVE-2015-6354: Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 52015-10-31

📋Vendor Advisories

1
Cisco
Cisco FireSIGHT Management Center HTML Injection Vulnerability2015-10-29
CVE-2015-6354 (LOW CVSS 3.5) | Multiple cross-site scripting (XSS) | cvebase.io