Test ID:	1.3.6.1.4.1.25623.1.0.105724
Category:	CISCO
Title:	Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
Summary:	A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System; (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a; user of the web interface of the affected system.
Description:	Summary: A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. Vulnerability Insight: The vulnerability is due to insufficient input validation of a user-supplied value. Vulnerability Impact: An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user. Affected Software/OS: Cisco UCS Central Software Release 1.4(1a) is vulnerable. Solution: Update to 1.4(1b) or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1401 Cisco Security Advisory: 20160517 Cisco Unified Computing System Central Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs http://www.securitytracker.com/id/1035933
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.