CVE-2016-1474

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure version 2.2(2)

Description The issue is related to a "cross-frame scripting (XFS)" problem, where the software does not properly restrict the use of IFRAME elements. This makes it easier for remote attackers to conduct clickjacking attacks and other unspecified attacks via a crafted web site.

Recommendations For Cisco Prime Infrastructure version 2.2(2), consider restricting the use of IFRAME elements as a temporary workaround until a patch is available. Additionally, avoid using crafted web sites that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.