CVE-2023-20005
Summary
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software's web-based management interface allow unauthenticated, remote attackers to perform stored cross-site scripting (XSS) attacks. These flaws stem from insufficient input validation, enabling attackers to inject crafted data and execute arbitrary script code or access sensitive information within the interface's context.
IFF Assessment
The vulnerabilities allow unauthenticated remote attackers to execute arbitrary script code in the context of the management interface and access sensitive information, directly harming defenders.
Severity
Defender Context
Defenders should prioritize patching or applying mitigations for Cisco FMC Software to address these XSS vulnerabilities. Attackers can leverage these flaws to compromise user sessions or steal sensitive data displayed within the management interface.