CiscoWorks Common Services Framework 3.1.1 Help Servlet – Cross-Site Scripting

  • Author: Sense of Security
    Date: 2011-05-18
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/35779/
  • source: https://www.securityfocus.com/bid/47902/info
    
    CiscoWorks Common Services is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
    
    Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and launch other attacks.
    
    This issue is being tracked as Cisco Bug ID CSCto12704.
    
    CiscoWorks Common Services 3.3 and prior are vulnerable. 
    
    http://www.example.com/cwhp/device.center.do?device=&72a9f"><script>alert(1)</script>5f5251aaad=1
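
In the request above the markup sits in a query parameter *name*, not in a value, so checks and output encoding that only look at values miss it. The following is an added example, not code from the advisory or from Cisco: it scans access-log lines for requests to `/cwhp/device.center.do` whose decoded parameter names or values contain HTML metacharacters, and shows the encoding a reflecting page needs. The function names, the log lines and the `/other/path` entry are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

HTML_META = re.compile('[<>"\']')   # characters that close an attribute or open a tag
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def flag_query(target):
    """Return decoded (name, value) pairs where the name OR the value holds HTML metacharacters."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [(n, v) for n, v in pairs if HTML_META.search(n) or HTML_META.search(v)]

def scan_log(lines, path="/cwhp/device.center.do"):
    """Yield (client address, offending pairs) for requests to `path` that carry markup."""
    for line in lines:
        m = REQUEST.search(line)
        if not m or urlsplit(m.group(1)).path != path:
            continue
        hits = flag_query(m.group(1))
        if hits:
            yield line.split()[0], hits

def encode_for_html(text):
    """Output encoding that must be applied to reflected names as well as values."""
    return html.escape(text, quote=True)

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2011:10:00:01 +0000] '
    '"GET /cwhp/device.center.do?device=router1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/May/2011:10:00:07 +0000] '
    '"GET /cwhp/device.center.do?device=&72a9f%22%3E%3Cscript%3Ealert(1)'
    '%3C/script%3E5f5251aaad=1 HTTP/1.1" 200 5342',
    '192.0.2.10 - - [18/May/2011:10:00:09 +0000] '
    '"GET /other/path?q=%3Cb%3E HTTP/1.1" 200 810',
]

if __name__ == "__main__":
    for client, hits in scan_log(SAMPLE_LOG):
        for name, value in hits:
            # Print the encoded form so the report itself cannot carry live markup.
            print(client, "name:", encode_for_html(name), "value:", encode_for_html(value))
```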