Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-0959

Published: 20/05/2011 Updated: 14/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 460
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Cisco

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) prior to 8.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco unified operations manager 2.2

cisco unified operations manager 2.0

cisco unified operations manager 2.0.1

cisco unified operations manager

cisco unified operations manager 2.0.2

cisco unified operations manager 1.1

cisco unified operations manager 2.3

cisco unified operations manager 2.1

cisco unified operations manager 8.0

cisco unified operations manager 2.0.3

Vendor Advisories

Cisco: Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager contains multiple cross-site scripting vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks The vulnerability is due to insufficient validation of user-supplied input to certain scripts that make up the affected application An unauthenticated, remote attacke ...
Check Point Security Alerts: Cisco Unified Operations Manager Cross-Site Scripting (CVE-2011-0959)
Check Point Reference: CPAI-2011-0745 Date Published: 19 Mar 2024 Severity: Medium ...

Exploits

Exploit DB: Cisco Unified Operations Manager XSS / SQL Injection / Directory Traversal
Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities Versions 80 and 85 are affected ...
Exploit DB: Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site ...
Exploit DB: Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect ...
Exploit DB: Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected sit ...
Exploit DB: Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected ...
Exploit DB: Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected s ...
Exploit DB: Cisco Unified Operations Manager - Multiple Vulnerabilities
Sense of Security - Security Advisory - SOS-11-006 Release Date 18-May-2011 Last Update - Vendor Notification Date 28-Feb-2011 Product Cisco Unified Operations Manager Common Services Framework Help Servlet Common Service ...

References

CWE-79http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23085http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttp://www.exploit-db.com/exploits/17304https://exchange.xforce.ibmcloud.com/vulnerabilities/67521https://nvd.nist.govhttps://packetstormsecurity.com/files/101518/Cisco-Unified-Operations-Manager-XSS-SQL-Injection-Directory-Traversal.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20110518-CVE-2011-0959https://www.exploit-db.com/exploits/35762/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook