Description
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
8.0.0
8.0.0.1
3.0.0
3.1.0
3.1.5
3.6.0
3.7.0
3.4.0
3.3.0
3.2
3.5.0
3.2.0-FIPS
3.8.0-FED
3.9.0
3.8.0
3.10.0
3.1.1
3.0.2
3.0.3
3.0.1
3.8.1
3.7.1
3.5.1
3.4.2
3.3.1
3.1.7
3.2.1
3.2.2
3.1.6
3.1.2
3.4.1
3.1.3
3.1.4
3.0.6
3.0.4
3.0.5
3.0.7
3.10.2
3.10.3
3.10
3.10.1
3.7.1 Update 03
3.7.1 Update 04
3.7.1 Update 06
3.7.1 Update 07
3.8.1 Update 01
3.8.1 Update 02
3.8.1 Update 03
3.8.1 Update 04
3.4.2 Update 01
3.6.0 Update 04
3.6.0 Update 02
3.6.0 Update 03
3.6.0 Update 01
3.5.1 Update 03
3.5.1 Update 01
3.5.1 Update 02
3.7.0 Update 03
3.8.0 Update 01
3.8.0 Update 02
3.7.1 Update 01
3.7.1 Update 02
3.7.1 Update 05
3.3.0 Update 01
3.4.1 Update 02
3.4.1 Update 01
3.5.0 Update 03
3.5.0 Update 01
3.5.0 Update 02
3.10.4
3.10.4 Update 01
3.10.4 Update 02
3.10.4 Update 03
3.10.5
3.10.6
3.10.6 Update 01
References
sec.cloudapps.cisco.com/...co-sa-epnm-pi-stored-xss-XjQZsyCP (cisco-sa-epnm-pi-stored-xss-XjQZsyCP)
