Test ID:	1.3.6.1.4.1.25623.1.0.106249
Category:	CISCO
Title:	Cisco IOS Software IOx Local Manager Cross-Site Scripting Vulnerability
Summary:	A vulnerability in the web framework code of the Cisco Local Manager could;allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of;the web interface of the affected system.
Description:	Summary: A vulnerability in the web framework code of the Cisco Local Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. Vulnerability Insight: The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. Vulnerability Impact: An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6404 BugTraq ID: 92963 http://www.securityfocus.com/bid/92963 Cisco Security Advisory: 20160914 Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios http://www.securitytracker.com/id/1036834
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.