Description
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
7.3.0
7.3.1
7.3.1.1
7.4.0
7.4.1
7.4.1.1
7.3.1.2
References
sec.cloudapps.cisco.com/...dvisory/cisco-sa-fmc-xss-dhJxQYZs (cisco-sa-fmc-xss-dhJxQYZs)
sec.cloudapps.cisco.com/...dvisory/cisco-sa-fmc-xss-M446vbEO
sec.cloudapps.cisco.com/...enter/viewErp.x?alertId=ERP-75300 (Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication)
