Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities

Summary
This host is running Cisco Content Security Management Appliance and is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Impact Level: Application
Solution
Upgrade to the latest version of Cisco CSMA or apply the patch. For updates, refer to http://www.cisco.com/en/US/products/ps12503/index.html
Insight
Multiple flaws are due to:
- The lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains unvalidated user input from the request.
- The lack of input validation on the job_name, job_type, appliances_options and config_master parameters, which are then printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.
- The CSRFKey is not used in some areas of the application.
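The three root causes above, sketched with their fixes as an added example (not Cisco's code and not part of the original advisory). Only the field names and the CSRFKey name come from the advisory; the function names, the session and form dictionaries and the sample input are assumptions.

```python
import hmac
import html
import secrets

# Output fields named in the advisory; everything else here is hypothetical.
REFLECTED_FIELDS = ("job_name", "old_job_name", "job_type",
                    "appliance_lists", "config_master")

def render_error_500_unsafe(description):
    # Flawed pattern: exception text carrying request input is emitted verbatim.
    return "<h1>Error 500</h1><pre>" + description + "</pre>"

def render_error_500(description):
    # Fixed pattern: escape at output time, whatever the exception text contains.
    return "<h1>Error 500</h1><pre>" + html.escape(description, quote=True) + "</pre>"

def render_job_form(params):
    # Every reflected field is escaped for an HTML attribute context (quotes included).
    rows = []
    for name in REFLECTED_FIELDS:
        value = html.escape(str(params.get(name, "")), quote=True)
        rows.append('<input type="text" name="%s" value="%s">' % (name, value))
    return "\n".join(rows)

def new_csrf_key():
    # Unpredictable per-session key, stored server-side and embedded in each form.
    return secrets.token_hex(16)

def csrf_ok(session_key, submitted_key):
    if not session_key or not submitted_key:
        return False
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(str(session_key).encode("utf-8"),
                               str(submitted_key).encode("utf-8"))

def handle_state_change(session, form):
    # Called first by every state-changing handler, not only some of them.
    if not csrf_ok(session.get("CSRFKey"), form.get("CSRFKey")):
        return 403, "CSRF key missing or invalid"
    return 200, render_job_form(form)

# Constructed sample request parameters with harmless markup in job_name.
SAMPLE = {"job_name": '"><b>x</b>', "job_type": "backup"}

if __name__ == "__main__":
    key = new_csrf_key()
    print(render_error_500("invalid job: " + SAMPLE["job_name"]))
    print(handle_state_change({"CSRFKey": key}, dict(SAMPLE)))
    print(handle_state_change({"CSRFKey": key}, dict(SAMPLE, CSRFKey=key))[0])
```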
Affected
Cisco Content Security Management Appliance (SMA) 8.1 and prior
Detection
Get the installed version of Cisco Content Security Management Appliance with the help of the detection NVT and check whether the version is vulnerable.