Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0470Cross-site Scripting in Cisco IOS

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
7.3%
top 8.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco IOS
Timeline
PublishedFeb 6
Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios12.4\(23\)

🔴Vulnerability Details

2
GHSA
GHSA-qf9h-mh7c-795m: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 122022-05-02
CVEList
CVE-2009-0470: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 122009-02-06

💥Exploits & PoCs

1
Exploit-DB
Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities2009-02-04
CVE-2009-0470 — Cross-site Scripting in Cisco IOS | cvebase