CVE-2021-1238 — Cross-site Scripting in Cisco Secure Firewall Management Center

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 58.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center Cisco Firepower Management Center

Timeline

PublishedJan 13

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successfu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_centern/a

▶NVDcisco/secure_firewall_management_center< 6.7.0

🔴Vulnerability Details

GHSA

GHSA-8v3j-xr44-f498: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacke↗2022-05-24

▶

CVEList

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities↗2021-01-13

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities↗2021-01-13

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Use-after-free vulnerability in WebKit↗2021-06-02

▶