CVE-2015-0766: XSS
First published: Thu Jun 04 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FireSIGHT System Software | =6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0766?
CVE-2015-0766 is classified as a medium severity vulnerability due to its ability to allow remote attackers to execute arbitrary web script or HTML.
How do I fix CVE-2015-0766?
To address CVE-2015-0766, users should update their Cisco FireSIGHT System Software to the most recent version that resolves these vulnerabilities.
What systems are affected by CVE-2015-0766?
CVE-2015-0766 specifically affects the Cisco FireSIGHT System Software version 6.0.0.
What type of vulnerability is CVE-2015-0766?
CVE-2015-0766 is a cross-site scripting (XSS) vulnerability that allows for the injection of arbitrary web scripts or HTML.
Can CVE-2015-0766 be exploited remotely?
Yes, CVE-2015-0766 can be exploited remotely due to its presence in the administrative web interface of the Cisco FireSIGHT System Software.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/cisco
- canonical/cisco firesight system software
- version/cisco firesight system software/6.0.0