Cisco UCS Director is a private cloud infrastructure-as-a-service (IaaS) heterogeneous platform from Cisco (Cisco) U.S. A cross-site scripting vulnerability exists in versions prior to Cisco UCS Director 6.6, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side.