Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0961

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-0961
Last Modified 23 Mar 2015 09:59:31
Published 20 May 2011 06:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0961

Summary

Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.

Vulnerable Systems

Application

  • Ciscoworks Common Services 1.0

  • Ciscoworks Common Services 2.2

  • Ciscoworks Common Services 3.0

  • Ciscoworks Common Services 3.0.3

  • Ciscoworks Common Services 3.0.4

  • Ciscoworks Common Services 3.0.5

  • Ciscoworks Common Services 3.0.6

  • Ciscoworks Common Services 3.1

  • Ciscoworks Common Services 3.1.1

  • Ciscoworks Common Services 3.2

  • Ciscoworks Common Services 3.3


References

XF - cisco-uom-framework-xss(67523)

MISC - http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

EXPLOIT-DB - 17304

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=23088

FULLDISC - 20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006

BID - 47902


Last Updated: 27 May 2016 11:08:09