Published: 19/12/2012 Updated: 30/01/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco wireless_lan_controller_software 7.2.110.0
cisco 2000_wireless_lan_controller
cisco 2100_wireless_lan_controller
cisco 2500_wireless_lan_controller -
cisco 4400_wireless_lan_controller
cisco 7500_wireless_lan_controller -
cisco 8500_wireless_lan_controller -
cisco 4100_wireless_lan_controller
cisco 5500_wireless_lan_controller -

Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities # Exploit Title: u M@d? - Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities # Date: Discovered and reported November 2012 # Author: Jacob Holcomb/Gimppy042 - Security Analyst @ Independent Security Evaluators # Software: Cisco Wireless Lan Controller 721100 (wwwciscocom) ...

Cisco Wireless Lan Controller version 721100 suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities ...

CWE-79 http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html https://nvd.nist.gov https://www.exploit-db.com/exploits/23361/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-6007

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect