PT-2016-2782 · Cisco · Cisco IOS +1

Published: 2016-09-14 · Updated: 2017-07-30 · CVE-2016-6404

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco IOS versions 15.5(2)T and earlier

Description: A cross-site scripting (XSS) issue exists in the web framework of Cisco IOx Local Manager, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code, potentially allowing the attacker to execute arbitrary script code in the context of the affected site or access sensitive browser-based information.

Recommendations: For Cisco IOS version 15.5(2)T, update to a fixed version to resolve the issue. At the moment, there is no information about additional mitigation measures for other affected versions.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2016-02185
CVE-2016-6404

Affected Products

Cisco IOS
Cisco IOx Local Manager