Published: 16/01/2009 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 up to and including 12.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.


source: wwwsecurityfocuscom/bid/33260/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This ma ...

Mailing Lists

The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script ...