Cisco Connected Grid Network Management System Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	58806
Class:	Input Validation Error
CVE:	CVE-2013-1171
Remote:	Yes
Local:	No
Published:	Apr 01 2013 12:00AM
Updated:	Apr 01 2013 12:00AM
Credit:	Reported by the vendor.
Vulnerable:	Cisco Connected Grid Network Management System 0
Not Vulnerable:

Cisco Connected Grid Network Management System Multiple Cross Site Scripting Vulnerabilities

Cisco Connected Grid Network Management System is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues are being tracked by Cisco Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540.

Cisco Connected Grid Network Management System Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

Cisco Connected Grid Network Management System Multiple Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Cisco Connected Grid Network Management System Multiple Cross Site Scripting Vulnerabilities

References:

• Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilit (Cisco)
  
• Cisco Connected Grid Network Management System Homepage (Cisco)