CVE-2015-0690

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller (WLC) devices versions prior to 8.0

Description A cross-site scripting (XSS) issue exists in the HTML help system, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. An unauthenticated, remote attacker could conduct cross-site scripting attacks by convincing a user to follow a malicious link or visit an attacker-controlled web page, potentially executing arbitrary HTML or script code in the security context of the affected site. The attacker may use misleading language to persuade the user to follow the provided link.

Recommendations For versions prior to 8.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.