CVE-2005-3921 — Cross-site Scripting in Cisco IOS

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

2.6LOWNVD

EPSS

1.6%

top 18.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedNov 30

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally…

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ios12.3+224

🔴Vulnerability Details

GHSA

GHSA-rr7q-672p-8qm6: Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12↗2022-05-01

▶

📋Vendor Advisories

Cisco

IOS HTTP Server Command Injection Vulnerability↗2005-12-01

▶

Cisco

IOS HTTP Server Command Injection Vulnerability↗

▶