Cisco Prime Infrastructure XSS Vulnerability (CVE-2015-6434)
Cisco Prime Infrastructure XSS Vulnerability (CVE-2015-6434)
Release date:
Updated on:
Affected Systems:
Cisco Prime Infrastructure
Description:
CVE (CAN) ID: CVE-2015-6434
Cisco Prime Infrastructure is a solution for wireless management through Cisco technology LMS and NCS.
Cisco Prime Infrastructure does not properly restrict the use of IFRAME elements, which allows remote attackers to execute click hijacking and other attacks by constructing a website.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi
*>
Suggestion:
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://tools.cisco.com/security/center/publicationListing.x #~ CiscoSecurityResponse
This article permanently updates the link address: