CVE-2011-0959
published 2011-05-20CVE-2011-0959: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script…
PriorityP430medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
21.46%
97.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_operations_manager | <= 8.5 | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5cgr-rxfv-wjgv: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8
ghsa_unreviewed·2022-05-17
CVE-2011-0959 [MEDIUM] CWE-79 GHSA-5cgr-rxfv-wjgv: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
Cisco
Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities
vendor_cisco·2011-05-18·CVSS 4.3
CVE-2011-0959 [MEDIUM] CWE-79 Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager contains multiple cross-site scripting vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability is due to insufficient validation of user-supplied input to certain scripts that make up the affected application. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious link. If successful, the attacker could conduct cross-site scripting attacks and gain access to sensitive information.
Exploit code is available.
Cisco has confirmed this vulnerability and has released updated software.
An attacker cannot directly exploit this vulnerability without user parti
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/advancedfind.do?extn="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012819; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?"; nocase; content:"Name="; nocase; pcre:"/\x2Ejsp\x3F(?:clusterName|deviceName)\x3D.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/i"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012822; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 202
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"deviceCapability=deviceCap"; nocase; content:"/iptm/ddv.do?deviceInstanceName="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012820; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/logicalTopo.do?clusterName="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012823; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/eventmon?cmd="; nocase; content:"&dojo.preventCache="; nocase; pcre:"/cmd\x3D(?:filterHelper|getDeviceData\x26group\x3D).+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/i"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012821; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Exploit-DB
Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting
exploitdb·2011-06-18
CVE-2011-0959 Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting
Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/47901/info
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
This issue is being tracked by Cisco Bug ID CSCtn61716.
Cisco Unified Operations Manager versions prior to 8.6 are vulnerable.
http://www.example.com/iptm/ddv.do?deviceInstanceName=f3806"%3balert(1)//9b92b050cf5&deviceC
apability=de
Exploit-DB
Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2011-06-18
CVE-2011-0959 Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/47901/info
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
This issue is being tracked by Cisco Bug ID CSCtn61716.
http://www.example.com/iptm/logicalTopo.do?clusterName=&ccmName=ed1b1"%3balert(1)//cda6137ae
4c
http://www.example.com/iptm/logicalTopo.do?clusterName=db4c1"%3bal
Exploit-DB
Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting
exploitdb·2011-06-18
CVE-2011-0959 Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting
Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/47901/info
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
This issue is being tracked by Cisco Bug ID CSCtn61716.
Cisco Unified Operations Manager versions prior to 8.6 are vulnerable.
http://www.example.com/iptm/advancedfind.do?extn=73fcbalert(1)23fbe43447
Exploit-DB
Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2011-06-18
CVE-2011-0959 Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/47901/info
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
This issue is being tracked by Cisco Bug ID CSCtn61716.
Cisco Unified Operations Manager versions prior to 8.6 are vulnerable.
http://www.example.com/iptm/eventmon?cmd=filterHelperca99balert(1)542256870
d5&viewname=device.filt
Exploit-DB
Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2011-06-18
CVE-2011-0959 Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/47901/info
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
This issue is being tracked by Cisco Bug ID CSCtn61716.
Cisco Unified Operations Manager versions prior to 8.6 are vulnerable.
http://www.example.com/iptm/faultmon/ui/dojo/Main/eventmon_wra
Exploit-DB
Cisco Unified Operations Manager - Multiple Vulnerabilities
exploitdb·2011-05-18·CVSS 4.3
CVE-2011-0966 [MEDIUM] Cisco Unified Operations Manager - Multiple Vulnerabilities
Cisco Unified Operations Manager - Multiple Vulnerabilities
---
Sense of Security - Security Advisory - SOS-11-006
Release Date. 18-May-2011
Last Update. -
Vendor Notification Date. 28-Feb-2011
Product. Cisco Unified Operations Manager
Common Services Framework Help Servlet
Common Services Device Center
CiscoWorks Homepage
Note: All of the above products are
included by default in CuOM.
Platform. Microsoft Windows
Affected versions. CuOM 8.0 and 8.5 (verified),
possibly others.
Severity Rating. Medium - Low
Impact. Database access, cookie and credential
theft, impersonation, loss of
confidentiality, local file disclosure,
information disclosure.
Attack Vector. Remote with authentication
Solution Status. Vendor patch (upgrade to CuOM 8.6 as
advised by Cisco)
CVE reference. CVE-2011-0959
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23085http://www.exploit-db.com/exploits/17304http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67521http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23085http://www.exploit-db.com/exploits/17304http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67521
2011-05-20
Published