Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-0959
Last Modified 24 May 2011 12:00:00
Published 20 May 2011 06:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0959

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

Vulnerable Systems

Application

  • Cisco Unified Operations Manager 1.1

  • Cisco Unified Operations Manager 2.0

  • Cisco Unified Operations Manager 2.0.1

  • Cisco Unified Operations Manager 2.0.2

  • Cisco Unified Operations Manager 2.0.3

  • Cisco Unified Operations Manager 2.1

  • Cisco Unified Operations Manager 2.2

  • Cisco Unified Operations Manager 2.3

  • Cisco Unified Operations Manager 8.0

  • Cisco Unified Operations Manager 8.5


References

XF - cisco-uom-multiple-xss(67521)

MISC - http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

EXPLOIT-DB - 17304

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=23085

FULLDISC - 20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006


Last Updated: 27 May 2016 10:56:06