cve/2021/CVE-2021-1238.md

### [CVE-2021-1238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1238)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brightgreen)

### Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/n0-traces/cve_monitor
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2021-1238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1238)`
			`![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brightgreen)`

			`### Description`

			Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/n0-traces/cve_monitor`