CVE-2017-12220 - AskarLabs CVE Database

CVE-2017-12220

Vendor N/A

Product Cisco Firepower Management Center

Weakness CWE-79 · XSS

Published September 7, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771.

Key dates

02Disclosure timeline

September 7, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12220

Related vulnerabilities

04Related CVE

CVE-2024-47341 WordPress WP-DownloadManager plugin <= 1.68.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-23830 WordPress JB Horizontal Scroller News Ticker plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2022-29168 Cross Site Scripting in Wire Messages CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings CVE-2021-47699 Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form