Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0962

CWE-79 — Cross-site Scripting (XSS)7 documents6 sources

Severity

4.3MEDIUM

EPSS

5.5%

top 9.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Unified Operations Manager

Timeline

PublishedMay 20

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_operations_manager8.5+9

🔴Vulnerability Details

GHSA

GHSA-hq75-7jp8-q8x3: Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com↗2022-05-17

▶

CVEList

CVE-2011-0962: Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com↗2011-05-20

▶

💥Exploits & PoCs

Exploit-DB

Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting↗2011-05-18

▶

Exploit-DB

Cisco Unified Operations Manager - Multiple Vulnerabilities↗2011-05-18

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt↗2011-05-18

▶

📋Vendor Advisories

Cisco

Cisco Unified Operations Manager Common Services Device Center Cross-Site Scripting Vulnerability↗2011-05-18

▶