Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or ac…
- Scope: At the time of publication, this vulnerability affected Cisco Prime Infrastructure, regardless of device configuration.
- Release 3.9 and earlier Migrate to a fixed release (first fixed: 3.10 3.10.6 Security Update 02)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 3.10 3.10.6 Security Update 02
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.9 and earlier Migrate to a fixed release: upgrade to 3.10 3.10.6 Security Update 02.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.