Lucene search

[email protected]CVE-2010-2986

HistoryAug 10, 2010 - 12:23 p.m.

CVE-2010-2986

2010-08-1012:23:06

CWE-79

[email protected]

web.nvd.nist.gov

cisco

wcs

xss vulnerability

quicksearchaction.do

cve-2010-2986

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.

Affected configurations

NVD

Node

ciscowireless_control_system_softwareRange≤6.0.188.0

ciscowireless_control_system_softwareMatch3.2.78.0

ciscowireless_control_system_softwareMatch4.0.155.5

ciscowireless_control_system_softwareMatch4.1

ciscowireless_control_system_softwareMatch4.1.83.0

ciscowireless_control_system_softwareMatch4.1.91.0

ciscowireless_control_system_softwareMatch4.1.171.0

ciscowireless_control_system_softwareMatch4.1.191.xm

ciscowireless_control_system_softwareMatch4.1.192.35m

ciscowireless_control_system_softwareMatch4.1.192.xm

ciscowireless_control_system_softwareMatch4.2.62.0

ciscowireless_control_system_softwareMatch4.2.62.11

ciscowireless_control_system_softwareMatch4.2.81.0

ciscowireless_control_system_softwareMatch4.2.97.0

ciscowireless_control_system_softwareMatch4.2.110.0

ciscowireless_control_system_softwareMatch4.2.128.0

ciscowireless_control_system_softwareMatch4.2.130.0

ciscowireless_control_system_softwareMatch4.2.173.0

ciscowireless_control_system_softwareMatch4.2.176.0

ciscowireless_control_system_softwareMatch4.2.209.0

ciscowireless_control_system_softwareMatch5.0.56.0

ciscowireless_control_system_softwareMatch5.0.56.2

ciscowireless_control_system_softwareMatch5.0.148.0

ciscowireless_control_system_softwareMatch5.1.64.0

ciscowireless_control_system_softwareMatch5.1.65.4

ciscowireless_control_system_softwareMatch5.1.151.0

ciscowireless_control_system_softwareMatch5.2.110.0

ciscowireless_control_system_softwareMatch5.2.125.0

ciscowireless_control_system_softwareMatch5.2.130.0

ciscowireless_control_system_softwareMatch5.2.148.0

ciscowireless_control_system_softwareMatch5.2.157.0

ciscowireless_control_system_softwareMatch6.0

ciscowireless_control_system_softwareMatch6.0.132.0

ciscowireless_control_system_softwareMatch6.0.170.0

ciscowireless_control_system_softwareMatch6.0.181.0

ciscowireless_control_system_softwareMatch6.0.182.0

ciscowireless_control_system_softwareMatch7.0

ciscowireless_control_system_softwareMatch7.0.98.0

CPENameOperatorVersion
cisco:wireless_control_system_softwarecisco wireless control system softwarele6.0.188.0
cisco:wireless_control_system_softwarecisco wireless control system softwareeq3.2.78.0
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.0.155.5
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1.83.0
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1.91.0
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1.171.0
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1.191.xm
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1.192.35m
cisco:wireless_control_system_softwarecisco wireless control system softwareeq4.1.192.xm

CPE	Name	Operator	Version
cisco:wireless_control_system_software	cisco wireless control system software	le	6.0.188.0
cisco:wireless_control_system_software	cisco wireless control system software	eq	3.2.78.0
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.0.155.5
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1.83.0
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1.91.0
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1.171.0
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1.191.xm
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1.192.35m
cisco:wireless_control_system_software	cisco wireless control system software	eq	4.1.192.xm

Rows per page:

1-10 of 381

References

secunia.com/advisories/40827

www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html

www.securityfocus.com/archive/1/512878/100/0/threaded

www.securityfocus.com/bid/42216

www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2010-2986

prion1 cvelist1 nvd1