Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1960 — Cross-site Scripting in Cisco Wireless LAN Solution Engine

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

7.9%

top 7.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Wireless LAN Solution Engine

Timeline

PublishedApr 21

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/wireless_lan_solution_engine14 versions+13

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-4pc4-8xfx-vr97: Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express↗2022-05-01

▶

CVEList

CVE-2006-1960: Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express↗2006-04-21

▶

💥Exploits & PoCs

Exploit-DB

Cisco Wireless Lan Solution Engine - ArchiveApplyDisplay.jsp Cross-Site Scripting↗2006-04-19

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in the WLSE Appliance↗2006-04-19

▶