CVE-2022-20935

Name of the Vulnerable Software and Affected Versions Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. An attacker could exploit this by inserting crafted input into various data fields in an affected interface, potentially executing arbitrary script code in the context of the interface or accessing sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.