CVE-2014-2147

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	4.3
EPSS	0.42% EPSS medium
CWE	CWE-20
KEV
Published	11 years ago
Modified	2 weeks ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Prime Infrastructure	Cisco-SA-20150211-CVE-2014-2147	structured affected CSAF product_status