CVE-2006-3289

CWE-200 — Information Exposure CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

2.6LOW

EPSS

0.5%

top 33.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless Control System

Timeline

PublishedJun 28

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/wireless_control_system3.2\(51\)

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-fhhw-3xqr-cmmh: Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows bef↗2022-05-01

▶

CVEList

CVE-2006-3289: Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows bef↗2006-06-28

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Wireless Control System↗2006-06-28

▶