CiscoWorks Common Services Framework 3.1.1 Help Servlet – Cross-Site Scripting

Exploit Database
100 阅读

作者： Sense of Security

日期： 2011-05-18
类别：
- remote
平台：
- hardware
来源：https://www.exploit-db.com/exploits/35779/

source: https://www.securityfocus.com/bid/47902/info

CiscoWorks Common Services is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and launch other attacks.

This issue is being monitored by Cisco Bug ID CSCto12704.

CiscoWorks Common Services 3.3 and prior are vulnerable.

http://www.example.com/cwhp/device.center.do?device=&72a9f"><script>alert(1)</script>5f5251aaad=1

last Exploits
CiscoWorks Common Services Framework 3.1.1 Help Servlet – Cross-Site Scripting的更多信息

Apache mod_wsgi – Information Disclosure：
Eclipse 3.6.1 – Help Server ‘help/index.jsp’ Cross-Site Scripting：
Adobe Flash Player – casi32 Integer Overflow (Metasploit)：
Microsoft SharePoint – Deserialization Remote Code Execution：
7-Technologies IGSS 9.00.00.11059 – Multiple Vulnerabilities：
Alfresco – ‘/cmisbrowser?url’ Server-Side Request Forgery：
Novell iPrint Client Browser Plugin – ExecuteRequest debug Stack Overflow：
HP Digital Imaging – ‘hpodio08.dll’ Insecure Method：