Zero-day disclosed in December still waiting for a patch
https://www.bleepingcomputer.com/news/security/cisco-discloses-xss-zero-day-flaw-in-server-management-tool/
Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks.
This server management utility enables admins to perform migration or upgrade tasks on servers in their organization's inventory.