Cisco Wireless LAN Controller HTML Help System XSS Vulnerability
Cisco Wireless LAN Controller HTML Help System XSS Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco Wireless LAN Controller <8.0
Description:
CVE (CAN) ID: CVE-2015-0690
Cisco WLC is responsible for system-wide wireless LAN functions, such as security policies, intrusion protection, RF management, service quality and mobility.
Earlier than Cisco Wireless LAN Controller (WLC) 8.0, HTML helped the system to have a cross-site scripting vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML by constructing URLs.
<* Source: Cisco
*>
Suggestion:
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://tools.cisco.com/security/center/viewAlert.x? AlertId = 38222
This article permanently updates the link address: