CVE-2016-1474

MEDIUM

Cisco Prime Infrastructure 2.2(2) - XSS

Title source: llm
STIX 2.1

Description

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036530
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92278

Scores

CVSS v3 4.3
EPSS 0.0135
EPSS Percentile 68.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-284
Status published
Products (1)
cisco/prime_infrastructure 2.2\(2\)
Published Aug 08, 2016
Tracked Since Feb 18, 2026