CVE-2015-6354: XSS
First published: Sat Oct 31 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FireSIGHT System Software | =5.4.1.3 | |
| Cisco FireSIGHT System Software | =6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6354?
CVE-2015-6354 has a high severity due to the potential for remote code execution through cross-site scripting.
How do I fix CVE-2015-6354?
To fix CVE-2015-6354, upgrade Cisco FireSight Management Center to version 6.0.1 or later as recommended by Cisco.
What systems are affected by CVE-2015-6354?
CVE-2015-6354 affects Cisco FireSight Management Center versions 5.4.1.3 and 6.0.0.
Who can exploit CVE-2015-6354?
Remote authenticated users can exploit CVE-2015-6354 due to the vulnerabilities present in the system.
What type of vulnerability is CVE-2015-6354?
CVE-2015-6354 is classified as a cross-site scripting (XSS) vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco firesight system software
- version/cisco firesight system software/5.4.1.3
- version/cisco firesight system software/6.0.0