Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3821: Cross-site Scripting in Cisco IOS

Severity: 4.3 MEDIUM (NVD)
EPSS: 8.9% (top 7.40%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 16
Latest update: May 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: cisco/ios, 285 versions (+284)

🔴 Vulnerability Details (4)

GHSA
GHSA-xrr6-c8rc-c2wp: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11 (2022-05-02)
GHSA
GHSA-qf9h-mh7c-795m: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12 (2022-05-02)
CVEList
CVE-2009-0470: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12 (2009-02-06)
CVEList
CVE-2008-3821: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11 (2009-01-16)

💥 Exploits & PoCs (1)

Exploit-DB
Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities (2009-01-14)

📋 Vendor Advisories (2)

Cisco
Cisco IOS Cross-Site Scripting Vulnerabilities (2009-06-19)
Cisco
Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability (2009-01-14)