CVE-2011-0959 : Detail

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 35765

Publication date : 2011-06-17 22h00 +00:00
Author : Sense of Security
EDB Verified : Yes

Exploit Database EDB-ID : 35766

Publication date : 2011-06-17 22h00 +00:00
Author : Sense of Security
EDB Verified : Yes

Exploit Database EDB-ID : 35762

Publication date : 2011-06-17 22h00 +00:00
Author : Sense of Security
EDB Verified : Yes

Exploit Database EDB-ID : 35763

Publication date : 2011-06-17 22h00 +00:00
Author : Sense of Security
EDB Verified : Yes

Exploit Database EDB-ID : 35764

Publication date : 2011-06-17 22h00 +00:00
Author : Sense of Security
EDB Verified : Yes

Exploit Database EDB-ID : 17304

Publication date : 2011-05-17 22h00 +00:00
Author : Sense of Security
EDB Verified : Yes

Products Mentioned

Configuraton 0

Cisco>>Unified_operations_manager >> Version To (including) 8.5

Cisco>>Unified_operations_manager >> Version 1.1

Cisco>>Unified_operations_manager >> Version 2.0

Cisco>>Unified_operations_manager >> Version 2.0.1

Cisco>>Unified_operations_manager >> Version 2.0.2

Cisco>>Unified_operations_manager >> Version 2.0.3

Cisco>>Unified_operations_manager >> Version 2.1

Cisco>>Unified_operations_manager >> Version 2.2

Cisco>>Unified_operations_manager >> Version 2.3

Cisco>>Unified_operations_manager >> Version 8.0

References