Test ID:	1.3.6.1.4.1.25623.1.0.106167
Category:	CISCO
Title:	Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
Summary:	A vulnerability in the web interface of Cisco Prime Infrastructure;could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.;;This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability;by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. An exploit could;allow the attacker to conduct clickjacking or other client-side browser attacks.
Description:	Summary: A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. An exploit could allow the attacker to conduct clickjacking or other client-side browser attacks. Solution: Upgrade to Cisco Prime Infrastructure version 3.1(1) or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1474 BugTraq ID: 92278 http://www.securityfocus.com/bid/92278 Cisco Security Advisory: 20160803 Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-cpi http://www.securitytracker.com/id/1036530
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.