Cisco Unified Computing System Central Cross-Site Scripting Vulnerability CVE-2016-1401
- CVSSv3 Score
- Vulnerability description
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.
- Risk description
The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.
Update to 1.4(1b) or later.
- Not available