CVE-2015-6434

MEDIUM

Cisco Prime Infrastructure - XSS

Title source: rule

Description

Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034582

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 47.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (1)

cisco/prime_infrastructure

Timeline

Published Jan 08, 2016

Tracked Since Feb 18, 2026