CVE-2015-0707: XSS
First published: Thu Apr 23 2015(Updated: )
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FireSIGHT System Software | =5.3.1.1 | |
| Cisco FireSIGHT System Software | =6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2015-0707?
The severity of CVE-2015-0707 is classified as medium risk due to the potential for remote authenticated users to perform cross-site scripting attacks.
How do I fix CVE-2015-0707?
To fix CVE-2015-0707, upgrade Cisco FireSIGHT System Software to version 5.3.1.2 or later, or to version 6.0.1 or later, as advised by Cisco.
Who is affected by CVE-2015-0707?
CVE-2015-0707 affects users of Cisco FireSIGHT System Software versions 5.3.1.1 and 6.0.0.
What type of vulnerability is CVE-2015-0707?
CVE-2015-0707 is a cross-site scripting (XSS) vulnerability that allows for the injection of arbitrary web scripts or HTML.
When was CVE-2015-0707 disclosed?
CVE-2015-0707 was disclosed on January 14, 2015.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/cisco
- canonical/cisco firesight system software
- version/cisco firesight system software/5.3.1.1
- version/cisco firesight system software/6.0.0