Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability

Cisco-SA-20110518-CVE-2011-0961 · Medium · Published · Updated

CiscoWorks Common Services contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of malformed user input supplied via URL parameters to the affected application.  An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious link.  If successful, the attacker could execute arbitrary script or HTML code in the user's browser in the security context of the affected site. Exploit code is available. Cisco has confirmed this vulnerability and has released updated software. To exploit this vulnerability, an attacker must convince a user to follow a malicious link.  The attacker may provide links in e-mail or instant messages. Functional exploit code that demonstrates the ability to execute malicious script in a user's browser is publicly available. This vulnerability was discovered and reported to Cisco Systems by Brett Gervasoni of Sense of Security.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Administrators are advised to monitor affected systems.

CVEsCVE-2011-0961
Cisco Bug IDsNA
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
CiscoWorks Common Services (CS)

Related Products

Product CVE Evidence
CiscoWorks Common Services (CS) CVE-2011-0961 Cisco OpenVuln