Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco BroadWorks Application Delivery Platform. It allows an authenticated, remote attacker to conduct XSS attacks against users of the interface. The vulnerability arises from inadequate validation of user-supplied input, which lets an attacker inject malicious code into specific pages of the interface. Successful exploitation could result in the execution of arbitrary scripts in the context of the affected interface or in access to sensitive browser-based information. To exploit this vulnerability, an attacker must possess valid administrative credentials.

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected user interface, potentially leading to the execution of malicious actions or the theft of sensitive information accessible through the user's browser.

Remediation

Users can upgrade to Cisco BroadWorks Application Delivery Platform release RI.2025.05 or later to address this vulnerability. For guidance on upgrading, consult the Cisco Security Vulnerability Policy or contact the Cisco Technical Assistance Center (TAC).

Added: Jul 2, 2025, 5:21 PM
Updated: Jul 2, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 3.5
exploitability: 4.1
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.