CVE-2017-6618

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) version 3.0(1c)

Description The issue is related to insufficient validation of user-supplied input, which could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. An attacker could exploit this by persuading an authenticated user to follow a malicious link, potentially allowing the execution of arbitrary code in the context of the web-based GUI.

Recommendations For Cisco Integrated Management Controller (IMC) version 3.0(1c), update to a version that addresses the insufficient validation of user-supplied input to prevent cross-site scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.