Cisco-SA-20150406-CVE-2015-0690

Cisco Wireless LAN Controller HTML Help Cross-Site Scripting Vulnerability

Medium · Updated · Cisco

1 product with CSAF evidence

A vulnerability in the HTML help system of Cisco Wireless LAN Controller (WLC) devices could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. An unauthenticated, remote attacker who can convince a user of an affected system to follow a malicious link or visit an attacker-controlled web page could execute arbitrary HTML or script code in the security context of the affected site. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.