Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.

This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. An exploit could allow the attacker to conduct clickjacking or other client-side browser attacks.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2aTw2cV A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.

This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. An exploit could allow the attacker to conduct clickjacking or other client-side browser attacks.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2aTw2cV
Security Impact Rating: Medium
CVE: CVE-2016-1474

from Cisco Security Advisory http://ift.tt/2aTw2cV