CVE-2011-0961
published 2011-05-20CVE-2011-0961: Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote…
PriorityP427medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
5.15%
91.4th percentile
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_common_services | <= 3.3 | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jgm5-f5vx-vqj5: Cross-site scripting (XSS) vulnerability in cwhp/device
ghsa_unreviewed·2022-05-17
CVE-2011-0961 [MEDIUM] CWE-79 GHSA-jgm5-f5vx-vqj5: Cross-site scripting (XSS) vulnerability in cwhp/device
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
Cisco
CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability
vendor_cisco·2011-05-18·CVSS 4.3
CVE-2011-0961 [MEDIUM] CWE-79 CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability
CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability
CiscoWorks Common Services contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability is due to improper validation of malformed user input supplied via URL parameters to the affected application. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious link. If successful, the attacker could execute arbitrary script or HTML code in the user's browser in the security context of the affected site.
Exploit code is available.
Cisco has confirmed this vulnerability and has released updated software.
To exploit this vulnerability, an attacker must convince a
Suricata
ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0961 ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt
ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/cwhp/device.center.do?device="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0961; classtype:web-application-attack; sid:2012825; rev:4; metadata:created_at 2011_05_18, cve CVE_2011_0961, signature_severity Major, updated_at 2020_04_20;)
Exploit-DB
CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting
exploitdb·2011-05-18
CVE-2011-0961 CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting
CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/47902/info
CiscoWorks Common Services is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and launch other attacks.
This issue is being monitored by Cisco Bug ID CSCto12704.
CiscoWorks Common Services 3.3 and prior are vulnerable.
http://www.example.com/cwhp/device.center.do?device=&72a9f">alert(1)5f5251aaad=1
Exploit-DB
Cisco Unified Operations Manager - Multiple Vulnerabilities
exploitdb·2011-05-18·CVSS 4.3
CVE-2011-0966 [MEDIUM] Cisco Unified Operations Manager - Multiple Vulnerabilities
Cisco Unified Operations Manager - Multiple Vulnerabilities
---
Sense of Security - Security Advisory - SOS-11-006
Release Date. 18-May-2011
Last Update. -
Vendor Notification Date. 28-Feb-2011
Product. Cisco Unified Operations Manager
Common Services Framework Help Servlet
Common Services Device Center
CiscoWorks Homepage
Note: All of the above products are
included by default in CuOM.
Platform. Microsoft Windows
Affected versions. CuOM 8.0 and 8.5 (verified),
possibly others.
Severity Rating. Medium - Low
Impact. Database access, cookie and credential
theft, impersonation, loss of
confidentiality, local file disclosure,
information disclosure.
Attack Vector. Remote with authentication
Solution Status. Vendor patch (upgrade to CuOM 8.6 as
advised by Cisco)
CVE reference. CVE-2011-0959
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23088http://www.exploit-db.com/exploits/17304http://www.securityfocus.com/bid/47902http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67523http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23088http://www.exploit-db.com/exploits/17304http://www.securityfocus.com/bid/47902http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67523
2011-05-20
Published