CVE-2016-1474Improper Input Validation in Cisco Prime Infrastructure

CWE-20Improper Input ValidationCWE-284Improper Access Control4 documents4 sources
Severity
4.3MEDIUMNVD
CNA6.1
EPSS
0.2%
top 53.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Infrastructure
Timeline
PublishedAug 8
Latest updateMay 17

Description

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6vqh-26fp-9x33: Cisco Prime Infrastructure 22022-05-17
CVEList
CVE-2016-1474: Cisco Prime Infrastructure 22016-08-08

📋Vendor Advisories

1
Cisco
Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability2016-08-03
CVE-2016-1474 — Improper Input Validation in Cisco | cvebase