CVE-2018-15451

Name of the Vulnerable Software and Affected Versions: Cisco Prime Service Catalog (affected versions not specified)

Description: The issue is related to insufficient protection of the web page structure, allowing for cross-site scripting (XSS) attacks. An attacker could exploit this by persuading a user to click a specially crafted link, potentially executing arbitrary script code in the context of the interface or accessing sensitive browser-based information. The vulnerability is due to insufficient validation of user-supplied input processed by the web-based management interface.

Recommendations: For Cisco Prime Service Catalog, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.