CVE-2016-6365 — Cross-site Scripting in Cisco Secure Firewall Management Center

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 39.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedAug 23

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center6 versions+5

🔴Vulnerability Details

GHSA

GHSA-xr4r-mvww-q76g: Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4↗2022-05-17

▶

CVEList

CVE-2016-6365: Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4↗2016-08-23

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Cross-Site Scripting Vulnerability↗2016-08-17

▶