CVE-2011-0962

Published: 20/05/2011 | Updated: 14/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) prior to 8.6 allows remote malicious users to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

Vulnerable Product

cisco unified operations manager 2.2

cisco unified operations manager 2.0

cisco unified operations manager 2.0.1

cisco unified operations manager

cisco unified operations manager 2.0.2

cisco unified operations manager 1.1

cisco unified operations manager 2.3

cisco unified operations manager 2.1

cisco unified operations manager 8.0

cisco unified operations manager 2.0.3

Vendor Advisories

Cisco Unified Operations Manager contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user input supplied to the Common Services Device Center component used by the affected application. An unauthenticated, remo ...

Exploits

Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected ...
source: www.securityfocus.com/bid/47903/info Cisco Unified Operations Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This ma ...
Sense of Security - Security Advisory - SOS-11-006. Release Date: 18-May-2011. Last Update: -. Vendor Notification Date: 28-Feb-2011. Product: Cisco Unified Operations Manager Common Services Framework Help Servlet Common Service ...