Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1960

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-1960
Last Modified 07 Mar 2011 09:34:42
Published 21 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1960

Summary

Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.

Vulnerable Systems

Application

  • Cisco Wireless Lan Solution Engine 2.0

  • Cisco Wireless Lan Solution Engine 2.1

  • Cisco Wireless Lan Solution Engine 2.10

  • Cisco Wireless Lan Solution Engine 2.11

  • Cisco Wireless Lan Solution Engine 2.12

  • Cisco Wireless Lan Solution Engine 2.13

  • Cisco Wireless Lan Solution Engine 2.2

  • Cisco Wireless Lan Solution Engine 2.3

  • Cisco Wireless Lan Solution Engine 2.4

  • Cisco Wireless Lan Solution Engine 2.5

  • Cisco Wireless Lan Solution Engine 2.6

  • Cisco Wireless Lan Solution Engine 2.7

  • Cisco Wireless Lan Solution Engine 2.8

  • Cisco Wireless Lan Solution Engine 2.9


References

CISCO - 20060419 Multiple Vulnerabilities in the WLSE Appliance

SECTRACK - 1015965

SECUNIA - 19736

VUPEN - ADV-2006-1434

XF - cisco-wlse-user-xss(25883)

BID - 17604

BUGTRAQ - 20060419 Multiple vulnerabilities in Linux based Cisco products

BUGTRAQ - 20060419 Re: Multiple vulnerabilities in Linux based Cisco products

OSVDB - 24812

MISC - http://www.assurance.com.au/advisories/200604-cisco.txt


Last Updated: 27 May 2016 10:42:16