Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities

Cisco-SA-20110518-CVE-2011-0959 · Medium · Published · Updated

Cisco Unified Operations Manager contains multiple cross-site scripting vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input to certain scripts that make up the affected application.  An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious link.  If successful, the attacker could conduct cross-site scripting attacks and gain access to sensitive information. Exploit code is available. Cisco has confirmed this vulnerability and has released updated software. An attacker cannot directly exploit this vulnerability without user participation.  The attacker must convince the user to view a malicious link, likely provided in an e-mail or instant message. These vulnerabilities were discovered and reported to Cisco Systems by Brett Gervasoni of Sense of Security.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Administrators are advised to monitor affected systems.

CVEsCVE-2011-0959
Cisco Bug IDsNA
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Unified Operations Manager

Related Products

Product CVE Evidence