中文描述:

Cisco Prime Data Center Network Manager（DCNM）是美国思科（Cisco）公司的一套数据中心网络管理器。该管理器可对网络进行多协议管理，并对交换机的运行状况和性能提供故障排除功能。 Cisco Prime DCNM版本中的基于Web的管理界面存在跨站脚本漏洞，该漏洞源于程序没有充分的校验用户提交的输入。远程攻击者可通过诱使该界面用户点击特制的链接利用该漏洞在界面的上下文中执行任意脚本代码或访问基于浏览器的敏感信息。

英文描述:

A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051.

CWE类型:

标签:

中文解决方案:

英文解决方案:

临时解决方案: