CVE-2019-1975

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex Software (affected versions not specified)

Description A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This issue is due to insufficient HTML iframe protection. An attacker could exploit this by directing a user to an attacker-controlled web page containing a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other client-side browser attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.