CVE-2016-1431
Description
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Firepower Management Center versions 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 are vulnerable to persistent XSS via a crafted URL, with no patch available.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the HTTP framework of Cisco Firepower Management Center (FMC) due to insufficient filtering of output data [1]. This allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Affected versions include 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 [1].
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user request and injecting malicious code into the request [1]. No authentication or special privileges are required.
Impact
Successful exploitation allows the attacker to execute arbitrary script in the context of the affected site or access sensitive browser-based information [1]. This can lead to disclosure of session tokens, credentials, or other data accessible in the browser.
Mitigation
As of the advisory publication date (June 17, 2016), Cisco has not released software updates that address this vulnerability, and there are no workarounds [1]. Users are advised to monitor Cisco's security advisories for future updates and consider upgrading to a fixed version when available [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:cisco:secure_firewall_management_center:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*
- Range: 4.10.3, 5.2.0, 5.3.0, 5.3.1, 5.4.0
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.