CVE-2011-0961

Published May 20, 2011

Last updated 9 months ago

Overview

Description: Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
Source: ykramarz@cisco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C789014-B8C1-4883-BB5A-15410A35935B",
            "versionEndIncluding": "3.3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB432B6D-CFC5-4C0D-B655-58C595DAD622"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A94D689-5C27-4F34-806F-CD107ADF9893"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C905C4D-58D5-46E3-944F-53DCB147B34C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B91D77A-A96A-4A64-AFFE-7ECE001D2038"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88AD3EC2-36B1-4E34-BD7F-B1D02B32178A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC9C408-0BE2-45A6-ACB3-B9EBB22BC773"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "499CD64C-8692-4BE7-8F5E-5964ACDA1972"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2152A29-7074-4659-AA8A-BB3E793ED4A6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "518309CD-F453-4B0B-8C1D-E534CE0E336B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References