Cisco Cyber Vision Center Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Cyber Vision Center, prior to version 5.3. This vulnerability allows authenticated, remote attackers to inject malicious scripts into specific pages of the interface. Exploitation of this issue could enable attackers to execute arbitrary scripts in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials that allow access to the Reports page, a privilege granted to all pre-defined user roles and any custom users configured for Reports access.

Impact

Exploitation of this vulnerability could lead to stored cross-site scripting, allowing injected scripts to be executed in the context of the user interface.

Remediation

Users are advised to upgrade to Cisco Cyber Vision Center version 5.1, 5.2 or 5.3, as these versions are not vulnerable. Instructions for upgrading can be found on the Cisco Support and Downloads page.