PT-2025-39297 · Cisco · Cisco IOS XE

Published 2025-09-24 · Updated 2025-09-25 · CVE-2025-20240

CVSS v3.1: 6.1

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

**Name of the Vulnerable Software and Affected Versions**

Cisco IOS XE Software (affected versions not specified)

**Description**

A flaw exists in the web UI of Cisco IOS XE Software that could permit an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack on a vulnerable device. This issue stems from insufficient sanitization of user-provided input. An attacker could potentially exploit this by tricking a user into clicking a malicious link, which could lead to the execution of a reflected XSS attack and the theft of user cookies from the affected device.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Weakness Enumeration**

**Related Identifiers**

CVE-2025-20240

**Affected Products**

Cisco IOS XE