CVE-2016-1293: XSS
First published: Sat Jan 16 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FireSIGHT System Software | =6.0.0 | |
| Cisco FireSIGHT System Software | =6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1293?
CVE-2016-1293 has been classified with a moderate severity level, affecting Cisco FireSIGHT System Software.
How do I fix CVE-2016-1293?
To fix CVE-2016-1293, you should upgrade your Cisco FireSIGHT System Software to the latest version that addresses this vulnerability.
What type of attacks can CVE-2016-1293 enable?
CVE-2016-1293 can enable remote attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
Which versions of Cisco FireSIGHT are affected by CVE-2016-1293?
CVE-2016-1293 affects Cisco FireSIGHT System Software versions 6.0.0 and 6.0.1.
Who can exploit CVE-2016-1293?
Remote attackers can exploit CVE-2016-1293 by sending malicious parameters to the Management Center of Cisco FireSIGHT System Software.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco firesight system software
- version/cisco firesight system software/6.0.0
- version/cisco firesight system software/6.0.1