cisco-sa-20160208-apic · Medium · Published · Updated
A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could exploit this vulnerability by disguising embedded malicious HTML code in the affected web page and convincing the user to access a page that uses variables to express the malicious code. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic