Cisco FXOS and UCS Manager Software Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affecte…
- Scope: At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco FXOS Software or UCS Manager Software:
- 4.2 and earlier — Migrate to a fixed release
- Release 4.3 (first fixed: 4.3(6a))
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 4.3(6a)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 4.2 and earlier: migrate to a fixed release.
- Release 4.3: upgrade to 4.3(6a).
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.