CVE-2008-3821
published 2009-01-16
CVE-2008-3821: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or…
medium · 4.3 · CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
Affected
285 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
GHSA
GHSA-xrr6-c8rc-c2wp: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11
ghsa_unreviewed·2022-05-02
CVE-2008-3821 [MEDIUM] CWE-79 GHSA-xrr6-c8rc-c2wp: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
GHSA
GHSA-qf9h-mh7c-795m: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2009-0470 [MEDIUM] CWE-79 GHSA-qf9h-mh7c-795m: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
Cisco
Cisco IOS Cross-Site Scripting Vulnerabilities
vendor_cisco·2009-06-19
Three separate Cisco IOS® Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers. ProCheckup has posted a Security Advisory titled "XSS on Cisco IOS HTTP Server" at http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19.
Cisco would like to thank Adrian Pastor and Richard J. Brain of ProCheckUp and Nobuhiro Tsuji of NTT Data Security Corporation with co-operation of JPCert.
This Cisco Security Response is posted at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090114-http.
Additional Information
This response covers three
Cisco
Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability
vendor_cisco·2009-01-14·CVSS 4.3
CVE-2008-3821 [MEDIUM] CWE-79 Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary HTML and script code in the user's browser session.
The vulnerability exists due to an input sanitization error in the embedded HTTP server. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to follow a malicious link. This action could allow the attacker to execute arbitrary HTML and script code in the user's browser session.
Cisco has confirmed this vulnerability and released updated software.
The vulnerability exists due to an error in the embedded HTTP server in Cisco IOS Software. Security best practices dictate that administrators disable this server when
http://jvn.jp/en/jp/JVN28344798/index.html
http://osvdb.org/51393
http://osvdb.org/51394
http://secunia.com/advisories/33461
http://securityreason.com/securityalert/4916
http://securitytracker.com/id?1021598
http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
http://www.securityfocus.com/archive/1/500063/100/0/threaded
http://www.securityfocus.com/bid/33260
http://www.vupen.com/english/advisories/2009/0138
https://exchange.xforce.ibmcloud.com/vulnerabilities/47947
Published 2009-01-16