Mohamed Tarek

**Name of the Vulnerable Software and Affected Versions** Cisco FMC Software (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This issue is due to improper input sanitization in the web-based management interface. An attacker could exploit this by persuading a user to click a malicious link, potentially allowing the attacker to conduct a stored XSS attack on an affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) (affected versions not specified) Description: The issue is related to errors in processing requests in the password change feature of the Cisco Firepower Management Center (FMC) software. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is due to improper authentication of password update responses, which could be exploited by forcing a password reset on an affected device, potentially allowing the attacker to determine valid user names. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) (affected versions not specified) **Description** The issue is related to a stored cross-site scripting (XSS) attack in the web-based management interface. This is due to the interface not properly validating user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.