CVE-2018-0190

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in the web-based user interface of Cisco IOS XE Software, allowing an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerabilities are due to insufficient input validation of certain parameters passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user to access a malicious link or by intercepting a user request and injecting malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or access sensitive browser-based information on the user's system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.