CVE-2021-1456 — Cross-site Scripting in Cisco Secure Firewall Management Center

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 58.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center Cisco Firepower Management Center

Timeline

PublishedApr 29

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_centern/a

▶NVDcisco/secure_firewall_management_center6.5.0 — 6.6.3+2

🔴Vulnerability Details

GHSA

GHSA-g6f6-787v-hqqp: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, rem↗2022-05-24

▶

CVEList

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities↗2021-04-29

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities↗2021-04-28

▶