CVE-2015-0594

Name of the Vulnerable Software and Affected Versions Cisco Prime LAN Management Solution (LMS) (affected versions not specified) Cisco Security Manager (affected versions not specified) Cisco Common Services (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the help pages of Cisco Common Services, which is used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Recommendations For Cisco Prime LAN Management Solution (LMS), update to a version that includes the fix for Bug IDs CSCuq54654 and CSCun18263. For Cisco Security Manager, update to a version that includes the fix for Bug IDs CSCuq54654 and CSCun18263. For Cisco Common Services, update to a version that includes the fix for Bug IDs CSCuq54654 and CSCun18263. As a temporary workaround, consider restricting access to the help pages in Cisco Common Services to minimize the risk of exploitation.