Test ID:	1.3.6.1.4.1.25623.1.0.106901
Category:	CISCO
Title:	Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability (cisco-sa-20170621-piwf)
Summary:	A vulnerability in the web framework code of Cisco Prime Infrastructure;could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of;the web interface of an affected system.
Description:	Summary: A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. Vulnerability Insight: The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Vulnerability Impact: An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6724 BugTraq ID: 99203 http://www.securityfocus.com/bid/99203 http://www.securitytracker.com/id/1038751
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.