Vulnslist

A vulnerability in the portal page of Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to a failure to properly sanitize user-supplied input. An attacker could exploit this vulnerability by convincing the user to access a malicious link. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions in an attempt to persuade a user to follow the malicious link. Customers are advised to review the bug report in the Vendor Announcements section for a current list of affected versions.

Administrators are advised to contact the vendor regarding future updates and releases.

Users should verify that unsolicited links are safe to follow.

For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectorshttp://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html

Administrators are advised to monitor affected systems.