cbcvebase.
CVE-2011-0959
published 2011-05-20

CVE-2011-0959: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script…

PriorityP430medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
21.46%
97.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

Affected

10 ranges
VendorProductVersion rangeFixed in
ciscounified_operations_manager<= 8.5
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager
ciscounified_operations_manager

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.