CVE-2011-0962
published 2011-05-20CVE-2011-0962: Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations…
PriorityP426medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.65%
90.6th percentile
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_operations_manager | <= 8.5 | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hq75-7jp8-q8x3: Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com
ghsa_unreviewed·2022-05-17
CVE-2011-0962 [MEDIUM] CWE-79 GHSA-hq75-7jp8-q8x3: Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
Cisco
Cisco Unified Operations Manager Common Services Device Center Cross-Site Scripting Vulnerability
vendor_cisco·2011-05-18·CVSS 4.3
CVE-2011-0962 [MEDIUM] CWE-79 Cisco Unified Operations Manager Common Services Device Center Cross-Site Scripting Vulnerability
Cisco Unified Operations Manager Common Services Device Center Cross-Site Scripting Vulnerability
Cisco Unified Operations Manager contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability is due to improper validation of user input supplied to the Common Services Device Center component used by the affected application. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious link. If successful, the attacker could conduct cross-site scripting attacks and access sensitive information.
Exploit code is available.
Cisco has confirmed this vulnerability; however, software updates are not available.
An attacker cannot directly exploit this
Suricata
ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0962 ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt
ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine?tag=Portal_introductionhomepage"; nocase; pcre:"/^.+(alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0962; classtype:web-application-attack; sid:2012824; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0962, signature_severity Major, updated_at 2020_04_20;)
Exploit-DB
Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting
exploitdb·2011-05-18
CVE-2011-0962 Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting
Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/47903/info
Cisco Unified Operations Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue is being tracked by Cisco Bug ID CSCto12712.
Cisco Unified Operations Manager versions prior to 8.6 are vulnerable.
http://www.example.com/CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine?tag=Portal_introductionhomepage61a8b"%3balert(1)
Exploit-DB
Cisco Unified Operations Manager - Multiple Vulnerabilities
exploitdb·2011-05-18·CVSS 4.3
CVE-2011-0966 [MEDIUM] Cisco Unified Operations Manager - Multiple Vulnerabilities
Cisco Unified Operations Manager - Multiple Vulnerabilities
---
Sense of Security - Security Advisory - SOS-11-006
Release Date. 18-May-2011
Last Update. -
Vendor Notification Date. 28-Feb-2011
Product. Cisco Unified Operations Manager
Common Services Framework Help Servlet
Common Services Device Center
CiscoWorks Homepage
Note: All of the above products are
included by default in CuOM.
Platform. Microsoft Windows
Affected versions. CuOM 8.0 and 8.5 (verified),
possibly others.
Severity Rating. Medium - Low
Impact. Database access, cookie and credential
theft, impersonation, loss of
confidentiality, local file disclosure,
information disclosure.
Attack Vector. Remote with authentication
Solution Status. Vendor patch (upgrade to CuOM 8.6 as
advised by Cisco)
CVE reference. CVE-2011-0959
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23087http://www.exploit-db.com/exploits/17304http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67524http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23087http://www.exploit-db.com/exploits/17304http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67524
2011-05-20
Published