Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0961

CWE-79 — Cross-site Scripting (XSS)7 documents6 sources

Severity

4.3MEDIUM

EPSS

14.9%

top 5.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Ciscoworks Common Services

Timeline

PublishedMay 20

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ciscoworks_common_services3.3+10

🔴Vulnerability Details

GHSA

GHSA-jgm5-f5vx-vqj5: Cross-site scripting (XSS) vulnerability in cwhp/device↗2022-05-17

▶

CVEList

CVE-2011-0961: Cross-site scripting (XSS) vulnerability in cwhp/device↗2011-05-20

▶

💥Exploits & PoCs

Exploit-DB

CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting↗2011-05-18

▶

Exploit-DB

Cisco Unified Operations Manager - Multiple Vulnerabilities↗2011-05-18

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt↗2011-05-18

▶

📋Vendor Advisories

Cisco

CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability↗2011-05-18

▶