Cisco has released updated software to fix the flaw for each of the affected appliances. The problem lies in the AsyncOS, the operating system that runs on the Cisco security appliances. An attacker is able to load arbitrary script in the context of the user s browser through the date_range parameter. The vulnerability could be exploited through a simple malicious URl. The CERT/CC advises customers who can t upgrade immediately to consider restricting access to only trusted hosts and networks.
Source: https://threatpost.com/cisco-patches-xss-flaw-in-security-appliances/106558/